4 matches found
Sql injection
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...
CVE-2008-1632
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...
CVE-2008-1632
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the 1 listid parameter to pages/editmailingliststep1.php, the 2 userid parameter to pages/edituser.php, the 3 fieldid parameter to pages/editfield.php, and the 4...
CVE-2008-1630
CVE-2008-1630 concerns CuteFlow 1.5.0 and 2.10.0, where multiple stored/reflected cross-site scripting (XSS) flaws exist in the web UI. The root cause is insufficient input validation/sanitization of the language parameter across pages such as page/showcirculation.php, edittemplate_step2.php, sho...