2 matches found
Sql injection
SQL injection vulnerability in closebug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title aka subject field...
CVE-2009-2126
CVE-2009-2126 affects Elvin before 1.2.1. The vulnerability is a cross-site scripting (XSS) flaw in close_bug.php, where an attacker can inject arbitrary web script or HTML via the title (subject) field. This is documented across multiple sources (NVD, Red Hat, CVE List, Prion, etc.). The availab...