CVE-2010-4357

SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter...

SQL Injection Vulnerability in cms js/comments.php File

Search once cms video program is a set of ASP + MSSQL/ACCESS PHP + MYSQL environment to build an intelligent station-building system. Search once cms v1.6 php version of the js/comments.php file there is a sql injection vulnerability, an attacker can use the vulnerability to obtain database...

PT-2009-5283 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 2.0.3 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the items number parameter in the comments.php file. Recommendations: For versions prior to 2.0.3, update to...

pHNews Comments.PHP本地文件包含漏洞

pHNews是一款基于PHP的WEB应用程序。 pHNews不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是由于'Comments.PHP'脚本对用户提交的'templatesdir'参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB进程权限查看系统文件内容。 pHMicroboard pHNews alpha 1 http://www.phnews.org/ http://www.example.com/path/modules/comments.php?templatesdir=LFI...