7 matches found
EUVD-2014-1050
Malware in sbrugna...
Cross-site Scripting (XSS)
pomm/pomm is susceptible to cross-site scripting (XSS) attacks. The attacks are possible because it does not escape the string in the LTree converter's fromPg function in Pomm/Converter/PgLTree.php...
SQL Injection
Pomm is vulnerable to SQL injection. The library does not escape user-supplied strings in the LTree converter, allowing a malicious user to inject and execute arbitrary SQL queries...
CVE-2014-100019
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-100019
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-100019
The vulnerability is in the Pomm library’s LTree converter, where SQL injection is possible in versions before 1.1.5. An attacker could remotely execute arbitrary SQL commands due to lack of escaping for user-supplied strings. Impact and affected components are described in multiple sources (e.g....