Sql injection

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...

CVE-2009-2123

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...

Cross site scripting

Cross-site scripting XSS vulnerability in showactivity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2009-2123

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 inUser aka Username and 2 inPass aka Password parameters to a inc/login.ei, reachable through login.php; and the 3 id parameter to b showbug.php and c showactivity.php. NOTE: i...

CVE-2009-2127

CVE-2009-2127 is a cross‑site scripting (XSS) vulnerability in Elvin 1.2.0 , specifically in the file show_activity.php . The flaw allows remote attackers to inject arbitrary web script or HTML via the id parameter. The referenced CVSSv2 base score is 4.3 (Medium) with network access, user intera...