CVE-2019-13949

SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator=update admin password change...

DCP-Portal Multiple Scripts SQL Injection

The remote host is running DCP-Portal, a content management system powered by PHP. The version of DCP-Portal installed on the remote host fails to sanitize user-supplied input to many of its parameters before using it, either in database queries or dynamic web page generation. An attacker may be...