24 matches found
PT-2018-17274
Name of the Vulnerable Software and Affected Versions: Flexible Poll version 1.2 Description: A SQL Injection issue exists, allowing exploitation via the id parameter to "mobile preview.php" or "index.php" API endpoints. Recommendations: For Flexible Poll version 1.2, avoid using the id parameter...
Maian Weblog Cross-Site Request Forgery Vulnerability
Maian Weblog is a free and open source PHP blogging system developed by British software developer David Ian Bennett. The system includes modules for commenting, searching, uploading images and videos. A cross-site scripting vulnerability exists in the index.php script of Maian Weblog 4.0 and...
PT-2009-2988 · Ninja · Ninja Blog
Name of the Vulnerable Software and Affected Versions: Ninja Blog version 4.8 Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the entries/index.php file when magic quotes gpc is disabled. This is achieved by using a .. dot dot i...
PT-2002-2929 · Wsc · Web Server Creator - Web Portal
Name of the Vulnerable Software and Affected Versions: Web Server Creator - Web Portal WSC-WebPortal version 0.1 Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the l parameter to customize.php or the pg parameter to...