5 matches found
CVE-2008-6404
Cross-site scripting XSS vulnerability in addcalendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter...
Sql injection
SQL injection vulnerability in pickusers.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the unamesearch parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-4459
SQL injection vulnerability in pickusers.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the unamesearch parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-4459
The CVE-2008-4459 entry concerns the web app component eXtrovert Thyme 1.3 , specifically the pick_users.php (groups module) . It describes a SQL injection vulnerability exploitable via the uname_search parameter that could allow remote attackers to execute arbitrary SQL commands. The vulnerabili...
eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection
source: https://www.securityfocus.com/bid/31063/info eXtrovert software Thyme is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...