5 matches found
SQL Injection in phpMySport
Vulnerability ID: HTB22771 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport1.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...
SQL Injection in phpMySport
Vulnerability ID: HTB22770 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...
Sql injection
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 v2 parameter in a member view action, 2 v1 parameter in a news action, 3 v1 parameter in an information action, 4 v2 parameter...
Directory traversal
Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. dot dot in the currentfolder parameter...
CVE-2010-1109
Multiple SQL injection vulnerabilities in index.php of phpMySport 1.4 allow remote attackers to execute arbitrary SQL commands when magic_quotes_gpc is disabled. Exploitable via several parameters across different actions: v2 in member view, v1 in news, v1 in information, and v2 in team, club, or...