2 matches found
Sql injection
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the 1 idp and 2 category parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the 1 data parameter to catalog.php, the 2 keyword parameter to search.php, the 3 page parameter to bb.php, and the 4 news parameter to order.php...