4 matches found
EUVD-2011-5083
Malware in sbrugna...
CVE-2011-5183
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/...
CVE-2011-5183
OrderSys 1.6.4 and earlier is affected by multiple SQL injection vulnerabilities. The root cause is unsafe handling of the where_clause parameter in ordering/interface_creator/ scripts (index.php, index_long.php, index_short.php), allowing remote attackers to inject and execute arbitrary SQL comm...
OrderSys 1.6.4 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55147/info OrderSys is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize...