2 matches found
CVE-2009-1316
CVE-2009-1316 affects AbleSpace 1.0 and involves SQL injection in web endpoints: events_view.php (parameter eid) and events_clndr_view.php (parameter id). Root cause is unsanitized user input leading to arbitrary SQL execution. Documented base score is 7.5 (HIGH) with network attack vector, low a...
CVE-2009-1315
CVE-2009-1315 describes multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) gid parameter in groups_profile.php, (2) cat_id and (3) razd_id parameters in adv_cat.php, and (4) the URL parameter to b...