Lucene search
K

4 matches found

Prion
Prion
added 2008/04/02 5:44 p.m.10 views

Sql injection

Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...

7.5CVSS8.6AI score0.01001EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2008/04/02 5:44 p.m.17 views

CVE-2008-1632

Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...

7.5CVSS7.8AI score0.01001EPSS
Exploits0References2
Cvelist
Cvelist
added 2008/04/02 5:0 p.m.22 views

CVE-2008-1632

Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...

7.8AI score0.01001EPSS
Exploits0References2
CVE
CVE
added 2008/04/02 5:0 p.m.42 views

CVE-2008-1630

CVE-2008-1630 concerns CuteFlow 1.5.0 and 2.10.0, where multiple stored/reflected cross-site scripting (XSS) flaws exist in the web UI. The root cause is insufficient input validation/sanitization of the language parameter across pages such as page/showcirculation.php, edittemplate_step2.php, sho...

4.3CVSS5.7AI score0.01107EPSS
Exploits7References5Affected Software1
Rows per page
Query Builder