Lucene search

Base Security Vulnerabilities - January

cve

CVE-2009-4590

Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.8AI Score

0.003EPSS

2010-01-07 06:30 PM

cve

CVE-2009-4591

SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

8.6AI Score

0.002EPSS

2010-01-07 06:30 PM

cve

CVE-2009-4592

Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.

6.8AI Score

0.011EPSS

2010-01-07 06:30 PM

cve

CVE-2012-1017

Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.

8.7AI Score

0.001EPSS

2012-02-08 12:55 AM