2 matches found
CVE-2006-3902
CVE-2006-3902 is an XSS vulnerability in phpFaber TopSites 2.0.9 where the i_cat parameter of index.php can be exploited to inject arbitrary web script or HTML. The description notes that the vulnerability arises from the input handling in the i_cat parameter; no further details on the root cause...
CVE-2006-3770
The CVE-2006-3770 entry covers multiple SQL injection flaws in phpFaber TopSites (index.php) affecting version 2.0.9 and earlier. The underlying issue is unsecured handling of the (1) i_cat and (2) method parameters, enabling remote attackers to alter SQL queries and potentially compromise data. ...