2 matches found
Bookmark4U 2.0 inc/function.php env[include_prefix] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
CVE-2006-7025
CVE-2006-7025 describes an SQL injection in the Bookmark4U app, affecting versions 2.0 and 2.1. The vulnerability is triggered in admin/config.php via the sqlcmd parameter, allowing remote attackers to inject arbitrary SQL. CVSS v2 base score 7.5 (HIGH) indicates potential impact on confidentiali...