CVE-2006-1563

Direct static code injection vulnerability in config.php in vscripts aka Kuba Kunkiewicz VBook aka VBook 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other VBook scripts...

CVE-2006-1563

Affected software/component: [V]Book (aka VBook) 2.0 by vscripts; vulnerable file: config.php. Root cause: Direct static code injection allows an attacker to insert arbitrary PHP code into config.php, which is subsequently included by other [V]Book scripts. Impact: Remote code execution leading t...

Code injection

Direct static code injection vulnerability in admin/config.php in vscripts aka Kuba Kunkiewicz VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php...

CVE-2006-1543

VNews 1.2 (vscripts) is affected by multiple SQL injection vulnerabilities. The vulnerable inputs are loginvar in admin/admin.php and the news/nom parameters in news.php, where unsanitized user input is used in SQL queries. This can allow remote attackers to execute arbitrary SQL commands. A PoC/...

CVE-2006-1544

CVE-2006-1544 affects VNews 1.2 (vscripts) with multiple XSS flaws in news.php, exploitable via parameters autorkomentarza and tresckomentarza. The vulnerability allows remote attackers to inject arbitrary script/HTML. Exploitation: PoC/Exploit available per eVuln documentation. Affected software...