26 matches found
CVE-2010-2356
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter...
CVE-2010-2356
CVE-2010-2356 affects Pilot Group (PG) eLMS Pro: XSS in subscribe.php, exploitable via the course_id parameter. Root cause is reflected/script injection in the course_id handling. The NVD notes a CVSSv2 base score of 4.3 (Medium) with network attack vector, no authentication, and partial integrit...
CVE-2010-2354
CVE-2010-2354 affects Pilot Group (PG) eLMS Pro, where subscribe.php is vulnerable to SQL injection via the course_id parameter. The root cause is improper handling of input leading to arbitrary SQL execution by remote attackers, with impact described as allowing arbitrary commands and partial da...
CVE-2007-3627
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009...
SQL injection
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the...
CVE-2006-1692
CVE-2006-1692 concerns MWNewsletter 1.0.0b, where multiple SQL injection flaws are exposed via input parameters. Specifically, unsanitized user_email (in unsubscribe.php and subscribe.php) and user_name (in subscribe.php) allow remote attackers to inject arbitrary SQL commands, enabling potential...