phpBB Remote - 'mod.php' SQL Injection

source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to...

CVE-2005-0669

CVE-2005-0669 concerns multiple SQL injection flaws in phpCOIN 1.2.0–1.2.1b (PHP-based application). The vulnerabilities affect mod.php across several modules: faq (faq_id), pages (id), siteinfo (id), articles (topic_id), orders (ord_id), domains (dom_id), and invoices (invd_id). The underlying i...

CVE-2005-0309

The CVE-2005-0309 entry affects Exponent 0.95, with two vulnerable entry points: index.php and mod.php. The underlying issue is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML through the module parameter. The description expl...

CVE-2004-2670

Multiple cross-site scripting XSS vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter in a viewcat operation or 2 the query parameter in a search operation in the publisher module...

eNdonesia 8.2/8.3 - 'Mod' Cross-Site Scripting

source: https://www.securityfocus.com/bid/8506/info It has been reported that eNdonesia is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a victim's browser. The issue reportedly exists in the mod.php script via the 'mod' URI...