Lucene search
+L

6 matches found

Prion
Prion
added 2007/04/26 9:19 p.m.20 views

Sql injection

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 pseudo or 2 passe parameter to a configurer.php, b connect.php, c delete.php, d delete2.php, e index.php, f infos.php,...

6.8CVSS8.7AI score0.01651EPSS
Exploits0References13Affected Software1
Cvelist
Cvelist
added 2007/04/26 9:0 p.m.27 views

CVE-2007-2314

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 pseudo or 2 passe parameter to a configurer.php, b connect.php, c delete.php, d delete2.php, e index.php, f infos.php,...

8.1AI score0.01651EPSS
Exploits0References13
CVE
CVE
added 2007/04/26 9:0 p.m.50 views

CVE-2007-2314

CVE-2007-2314 : The provided documents describe multiple SQL injection vulnerabilities in Crea-Book 1.0 (and possibly earlier) when magic_quotes_gpc is disabled. The flaws allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to any of the following ad...

6.8CVSS8.1AI score0.01651EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2007/04/12 7:0 p.m.48 views

CVE-2007-2001

CVE-2007-2001 affects Crea-Book 1.0 and earlier via admin/configurer2.php. The vulnerability arises from direct static code injections in the Fond de la page (background color) field and related fields, allowing remote authenticated administrators to execute arbitrary PHP code and inject into con...

6.5CVSS7.6AI score0.02022EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/04/12 7:0 p.m.65 views

CVE-2007-2000

CVE-2007-2000 affects Crea-Book 1.0 and earlier. The vulnerability is multiple SQL injection flaws in admin/admin.php, exploitable via the (1) pseudo or (2) passe parameter, allowing remote attackers to run arbitrary SQL commands. The description in the connected documents confirms this vector an...

7.5CVSS8.5AI score0.01037EPSS
Exploits0References5Affected Software1
Exploit DB
Exploit DB
added 2007/04/10 12:0 a.m.42 views

Crea-Book 1.0 - Admin Access Bypass / Database Disclosure / Code Execution

/=======================================\ | Advisory :: Crea-Book fr/en | | Date : 2007-04-10 | | Last update : 2007-04-10 | | | +-------------------------------------------------------------------------------------------------------+ | Summary : 0 Description | | 1 Vuln1 : Administrative Access...

7.4AI score
Exploits0
Rows per page
Query Builder