12 matches found
Simplephpscripts News Script PHP Pro SQL注入漏洞
News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. News Script PHP Pro 2.3 suffers from a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the id parameter in the editNews action...
Sql injection
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter...
CVE-2017-15970
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter...
CVE-2010-4859
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blogid parameter in a news action...
Sql injection
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blogid parameter in a news action...
CVE-2010-4859
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blogid parameter in a news action...
CVE-2009-4780
Multiple cross-site scripting XSS vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter in a sitemap action, 2 the search parameter in a search action, 3 the taggingid parameter in a search action, 4 the...
Sql injection
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-3514
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via 1 the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the 2 editid and 3 p parameter in a news action to...
CVE-2008-0677
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action...
Sql injection
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action...
Sql injection
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to 1 view.page.inc.php, which is reachable through a view action to index.php; or 2 the year parameter to news.page.inc.php, which is reachabl...