CVE-2008-2994

Multiple cross-site scripting XSS vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the 1 annuaire parameter to a lastrecords.php and b annuaire.php and the 2 by and 3 catid parameters to annuaire.php...

Sql injection

Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via 1 the annuaire parameter to annuaire.php or 2 the username field in admin/login.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the 1 annuaire parameter to a lastrecords.php and b annuaire.php and the 2 by and 3 catid parameters to annuaire.php...

CVE-2008-2995

PHPEasyData 1.5.4 contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. The affected entry notes two injection vectors: (1) the annuaire parameter to annuaire.php and (2) the username field in admin/login.php. The NVD listing documents a CV...