6 matches found
CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
CVE-2012-0999
CVE-2012-0999 is a SQL Injection vulnerability in LEPTON CMS, affecting the file path modules/news/rss.php. The issue arises from unsanitized input in the POST parameter group_id , enabling remote attackers to construct arbitrary SQL queries and potentially compromise the database. Affected versi...
CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
LEPTON 1.1.3 SQL Injection / XSS / Local File Inclusion
Exploit for php platform in category web applications Vendor: LEPTON Project Vulnerable Versions: 1.1.3 and probably prior Tested Version: 1.1.3 Vendor Notification: 25 January 2012 Vendor Patch: 4 February 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, SQL...
Multiple vulnerabilities in LEPTON
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LEPTON, which can be exploited to perform Local File Inclusion, Cross Site Scripting and SQL Injection attacks. 1 Local File Inclusion in LEPTON: CVE-2012-0998 Input passed via the "language" POST parameter to...