Availability Booking Calendar PHP Cross Site Scripting Vulnerability

Availability Booking Calendar PHP is a GZ Scripts open source availability booking calendar system. A cross-site scripting vulnerability exists in Availability Booking Calendar PHP version 5.0, which stems from the parameter sessionid in the file /index.php that causes cross-site scripting...

CVE-2020-35598

ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. NOTE: this might be the same as CVE-2009-4623...

Maian Weblog Cross-Site Request Forgery Vulnerability

Maian Weblog is a free and open source PHP blogging system developed by British software developer David Ian Bennett. The system includes modules for commenting, searching, uploading images and videos. A cross-site scripting vulnerability exists in the index.php script of Maian Weblog 4.0 and...

PT-2009-2988 · Ninja · Ninja Blog

Name of the Vulnerable Software and Affected Versions: Ninja Blog version 4.8 Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the entries/index.php file when magic quotes gpc is disabled. This is achieved by using a .. dot dot i...