5 matches found
CVE-2012-5384
Multiple cross-site scripting XSS vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the 1 $name or 2 $description variables in editentryhandler.php, or 3 $url, 4 $tempfullname, or 5 $extusers variables in viewentry.php, different vector...
CVE-2024-48465
The MRBS version 1.5.0 has an SQL injection vulnerability in the editentryhandler.php file, specifically in the rooms%5B%5D parameter...
CVE-2024-48465
The MRBS version 1.5.0 has an SQL injection vulnerability in the editentryhandler.php file, specifically in the rooms%5B%5D parameter...
CVE-2024-48465
The MRBS version 1.5.0 has an SQL injection vulnerability in the editentryhandler.php file, specifically in the rooms%5B%5D parameter...
CVE-2024-48465
CVE-2024-48465 affects MRBS version 1.5.0 and stems from an SQL injection in the edit_entry_handler.php file, specifically via the rooms%5B%5D parameter. The CVSS 3.1 base score is 9.8 (CRITICAL) with network access, no user interaction, and no privileges required, indicating a potentially severe...