CVE-2009-4937

CVE-2009-4937 describes an XSS in Small Pirate (SPirate) 2.1. An attacker can inject arbitrary script/HTML via an onmouseover in an img BBCode tag inside a url BBCode tag. The records consistently cite Cross-site scripting without details on exploit status or affected versions beyond 2.1. The con...

CVE-2009-4936

CVE-2009-4936 affects Small Pirate (SPirate) 2.1 with multiple SQL injection vulnerabilities. Remote attackers can inject through the id parameter in: (1) the default URI in an RSS .xml action, (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-co...

CVE-2009-4936

Multiple SQL injection vulnerabilities in Small Pirate SPirate 2.1 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to the default URI in an rss .xml action, or the id parameter to 2 pag1.php, 3 pag1-guest.php, 4 rss-commentpost.php aka rss-comentpost.php, or 5...

Sql injection

Multiple SQL injection vulnerabilities in Small Pirate SPirate 2.1 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to the default URI in an rss .xml action, or the id parameter to 2 pag1.php, 3 pag1-guest.php, 4 rss-commentpost.php aka rss-comentpost.php, or 5...