Lucene search
+L

4 matches found

CVE
CVE
added 2008/01/23 1:0 a.m.47 views

CVE-2008-0391

The CVE-2008-0391 entry concerns inc/elementz.php in aliTalk 1.9.1.1, where authentication verification is flawed, enabling remote attackers to add an arbitrary user account by tampering with the lilil parameter alongside ubild and pa. The vulnerability enables partial confidentiality, integrity,...

7.5CVSS6.8AI score0.02252EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2008/01/22 8:0 p.m.113 views

CVE-2008-0371

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 the mohit parameter to a inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via 2 the id parameter to...

6.8CVSS8.2AI score0.0111EPSS
Exploits1References7
Prion
Prion
added 2008/01/22 8:0 p.m.19 views

Sql injection

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 the mohit parameter to a inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via 2 the id parameter to...

6.8CVSS8.9AI score0.0111EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2008/01/22 7:0 p.m.49 views

CVE-2008-0371

CVE-2008-0371 affects aliTalk 1.9.1.1. The described issue is multiple SQL injection vulnerabilities that occur when magic_quotes_gpc is disabled. Attack paths cited in the sources include remote authenticated users manipulating the mohit parameter to inc/receivertwo.php; remote attackers manipul...

6.8CVSS8.2AI score0.0111EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder