CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2009/10/22 5:30 p.m.•10 views

Information disclosure

phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to 1 footer.php, 2 header.php, 3 the show action in advancedsearch.php, and 4 choicelist.php, which reveals the installation path in an error message...

5CVSS6.7AI score0.03673EPSS

NVD•added 2009/10/22 5:30 p.m.•11 views

CVE-2009-3756

5CVSS6.1AI score0.03673EPSS

Prion•added 2009/10/22 5:30 p.m.•12 views

Sql injection

Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to modules/bms/invoicesdiscountajax.php, 2 f parameter to dbgraphic.php, and 3 tid parameter in a show action to advancedsearch.php...

7.5CVSS9.2AI score0.00252EPSS

NVD•added 2009/10/22 5:30 p.m.•7 views

CVE-2009-3755

Multiple cross-site scripting XSS vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 index.php and 2 modules\base\myaccount.php; and the PATHINFO to 3 modulesview.php, 4 tabledefsoptions.php, and 5 adminsettings.php in...

4.3CVSS5.8AI score0.00438EPSS

NVD•added 2009/10/22 5:30 p.m.•8 views

CVE-2009-3754

7.5CVSS8.5AI score0.00252EPSS

Prion•added 2009/10/22 5:30 p.m.•9 views

Cross site scripting

4.3CVSS6.1AI score0.00438EPSS

CVE•added 2009/10/22 5:0 p.m.•41 views

CVE-2009-3754

CVE-2009-3754 affects phpBMS 0.96, with multiple SQL injection vulnerabilities. The flaws allow remote attackers to craft input to three endpoints—modules/bms/invoices_discount_ajax.php (id parameter), dbgraphic.php (f parameter), and advancedsearch.php (tid parameter in a show action)—to execute...

7.5CVSS8.5AI score0.00252EPSS

CVE•added 2009/10/22 5:0 p.m.•34 views

CVE-2009-3755

phpBMS 0.96 is affected by multiple cross-site scripting (XSS) vulnerabilities triggered by PATH_INFO input. The issues affect index.php and modules/base/myaccount.php, as well as modules_view.php, tabledefs_options.php, and adminsettings.php within phpbms\modules\base. The root cause is improper...

4.3CVSS5.8AI score0.00438EPSS

Cvelist•added 2009/10/22 5:0 p.m.•11 views

CVE-2009-3754

8.5AI score0.00252EPSS

Cvelist•added 2009/10/22 5:0 p.m.•14 views

CVE-2009-3755

5.8AI score0.00438EPSS

CVE•added 2009/10/22 5:0 p.m.•46 views

CVE-2009-3756

The vulnerability CVE-2009-3756 affects phpBMS 0.96. An information-disclosure flaw allows remote attackers to obtain the installation path by directly requesting (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, or (4) choicelist.php. The error message reveals the instal...

5CVSS6.1AI score0.03673EPSS

Cvelist•added 2009/10/22 5:0 p.m.•12 views

CVE-2009-3756

6.1AI score0.03673EPSS

exploitpack•added 2009/07/10 12:0 a.m.•13 views

phpbms 0.96 - Multiple Vulnerabilities

phpbms 0.96 - Multiple Vulnerabilities phpBMS v0.96 phpbms.org eLwauxc2009, uasc.org.ua http://phpbms.org/trial/ SQL Inj -------------------------------------------------------------------------------------------------------------------------------------------------------------------------...

0day.today•added 2009/07/10 12:0 a.m.•46 views

phpBMS 0.96 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications =========================================== phpBMS 0.96 Multiple Remote Vulnerabilities =========================================== phpBMS v0.96 phpbms.org eLwauxc2009, uasc.org.ua http://phpbms.org/trial/ SQL Inj...

7.1AI score

Packet Storm•added 2009/07/10 12:0 a.m.•20 views

phpBMS 0.96 XSS / SQL Injection

phpBMS v0.96 phpbms.org eLwauxc2009, uasc.org.ua http://phpbms.org/trial/ SQL Inj ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- $querystatement="SELECT...

0.2AI score

seebug.org•added 2009/07/10 12:0 a.m.•15 views

phpBMS 0.96 Multiple Remote Vulnerabilities

7.1AI score