4 matches found
Dir2web3 Mutiple Vulnerabilities
Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...
CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
CVE-2012-4070
CVE-2012-4070 affects Dir2web v3.0. Vulnerable component: system/src/dispatcher.php. The oid parameter in the homepage action to index.php enables SQL injection, allowing remote arbitrary SQL execution. Root cause: insufficient input validation in dispatcher.php; Patch guidance: replace the GET/P...
Dir2web3 3.0 SQL Injection / Information Disclosure
Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...