14 matches found
EUVD-2007-3120
Malware in sbrugna...
WSPortal 1.0 Content.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24513/info WSPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
WSPortal Content.PHP SQL注入漏洞
WSPortal是一款基于PHP的WEB应用程序。 WSPortal不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'Content.PHP'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可导致应用程序处理时更改原来的SQL逻辑,攻击者可以获得敏感信息或者操作数据库。 WSPortal WSPortal 1.0 目前没有解决方案提供: http://www.wsportal.co.uk/ http://www.example.com/WSPORTAL-DIRECTORY/content.php?page=0' UNI...
Sql injection
SQL injection vulnerability in content.php in WSPortal 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter...
CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter...
EUVD-2007-3119
content.php in WSPortal 1.0, when magicquotesgpc is disabled, allows remote attackers to obtain sensitive information via a "';" quote semicolon sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message...
CVE-2007-3127
CVE-2007-3127 affects WSPortal 1.0. The issue is a path disclosure vulnerability in content.php: when magic_quotes_gpc is disabled, a crafted page parameter containing a "'"; sequence can trigger a forced SQL error that reveals the server installation path. Impact is information disclosure (parti...
CVE-2007-3128
CVE-2007-3128 pertains to WSPortal 1.0, where SQL injection is possible in content.php via the page parameter when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to execute arbitrary SQL commands through crafted input, potentially affecting data confidentiality and integr...
CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter...
wsportal-sql.txt
netVigilance Security Advisory 33 WSPortal version 1.0 SQL Injection Vulnerability Description: WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the site or a specific ip address, private messagi...
WSPortal 1.0 - 'content.php' SQL Injection
source: https://www.securityfocus.com/bid/24513/info WSPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
WSPortal 1.0 - content.php SQL Injection
WSPortal 1.0 - content.php SQL Injection source: https://www.securityfocus.com/bid/24513/info WSPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
[Full-disclosure] WSPortal version 1.0 SQL Injection Vulnerability
netVigilance Security Advisory 33 WSPortal version 1.0 SQL Injection Vulnerability Description: WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the site or a specific ip address, private messagi...
[Full-disclosure] WSPortal version 1.0 Path Disclosure Vulnerability
netVigilance Security Advisory 32 WSPortal version 1.0 Path Disclosure Vulnerability Description: WSPortal is a site management system coded in PHP/MySQL. It is capable of adding pages, adding news to pages, adding images to news articles, alerting the site or a specific ip address, private...