EUVD-2010-2327

Malware in sbrugna...

Sql injection

Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 search, 2 sbr, 3 pid, 4 sbl, and 5 FilePath parameters to default.asp; and the 6 sbr, 7 pr, and 8 psPrice parameters to printpage.asp...

CVE-2010-2317

CVE-2010-2317 concerns multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier. The flaws allow remote attackers to inject arbitrary SQL through specific parameters: default.asp: (1) search, (2) sbr, (3) pid, (4) sbl, (5) FilePath; and printpage.asp: (6) sbr, (7) pr, (8) psPrice. The des...

CVE-2010-2317

Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 search, 2 sbr, 3 pid, 4 sbl, and 5 FilePath parameters to default.asp; and the 6 sbr, 7 pr, and 8 psPrice parameters to printpage.asp...

CVE-2010-2316

CVE-2010-2316 describes multiple cross-site scripting (XSS) vulnerabilities in WmsCms 2.0 and earlier, affecting default.asp and related endpoints. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, with vectors dif...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sbl, 2 sbr, or 3 search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is...

CVE-2007-3137

CVE-2007-3137 concerns multiple cross-site scripting (XSS) vulnerabilities in 4print.asp of WmsCMS 2.0 and earlier. The affected component is 4print.asp, with the XSS vectors reported via the sbl, sbr, and search parameters (the note about the pageid parameter in index.php is stated as incorrect)...