5 matches found
CVE-2010-2917
Multiple cross-site scripting XSS vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 emailid, 2 fname, 3 lname, 4 company, 5 address1, 6 address2, 7 city, 8 state, 9 zipcode, 10 phone, and 11 fax parameters in an update...
CVE-2010-2917
AJ Square AJ Article 3.0 contains multiple XSS flaws in index.php exploitable via update action parameters (emailid, fname, lname, company, address1, address2, city, state, zipcode, phone, fax). Root cause is unsanitized input leading to script/HTML injection. CVE-2010-2917 has multiple reference...
CVE-2008-7051
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to 1 user.php, 2 articles.php, 3 articlesuspend.php, 4 site.php, 5 statistics.php, 6 mail.php, 7 category.php, 8 subcategory.php, 9 changepassword.php, 10 polling.php,...
Sql injection
SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter aka the username field...
CVE-2008-6721
AJ Square AJ Article is affected by a SQL injection in index.php, exploitable via the txtName parameter (username field). The vulnerability is documented in CVE-2008-6721 with a base CVSS v2 score of 7.5 (HIGH) and shows network attack vector, low complexity, no authentication required, and parti...