6 matches found
Sql injection
Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 pseudo or 2 passe parameter to a configurer.php, b connect.php, c delete.php, d delete2.php, e index.php, f infos.php,...
CVE-2007-2314
Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 pseudo or 2 passe parameter to a configurer.php, b connect.php, c delete.php, d delete2.php, e index.php, f infos.php,...
CVE-2007-2314
CVE-2007-2314 : The provided documents describe multiple SQL injection vulnerabilities in Crea-Book 1.0 (and possibly earlier) when magic_quotes_gpc is disabled. The flaws allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to any of the following ad...
CVE-2007-2001
CVE-2007-2001 affects Crea-Book 1.0 and earlier via admin/configurer2.php. The vulnerability arises from direct static code injections in the Fond de la page (background color) field and related fields, allowing remote authenticated administrators to execute arbitrary PHP code and inject into con...
CVE-2007-2000
CVE-2007-2000 affects Crea-Book 1.0 and earlier. The vulnerability is multiple SQL injection flaws in admin/admin.php, exploitable via the (1) pseudo or (2) passe parameter, allowing remote attackers to run arbitrary SQL commands. The description in the connected documents confirms this vector an...
Crea-Book 1.0 - Admin Access Bypass / Database Disclosure / Code Execution
/=======================================\ | Advisory :: Crea-Book fr/en | | Date : 2007-04-10 | | Last update : 2007-04-10 | | | +-------------------------------------------------------------------------------------------------------+ | Summary : 0 Description | | 1 Vuln1 : Administrative Access...