2 matches found
Sql injection
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the gid parameter to modules/arcade/index.php in a showstats action, or the lid parameter to 2 modules/myalbum/ratephoto.php or 3 modules/mylinks/ratelink.php, differe...
CVE-2007-5104
The provided connected records describe SQL injection vulnerabilities in the bcoos package (versions 1.0.10 and earlier). For CVE-2007-5104, remote attackers can inject via the gid parameter to modules/arcade/index.php in a show_stats action. For CVE-2007-6266, similar issues allow injection via ...