5 matches found
CVE-2008-5649
CVE-2008-5649 describes an SQL injection vulnerability in AlstraSoft Article Manager Pro 1.6, specifically in admin/admin.php where the username parameter can be manipulated to execute arbitrary SQL commands. Documented impact indicates remote attackers could achieve complete confidentiality, int...
CVE-2006-2566
Affected software: Alstrasoft Article Manager Pro 1.6. The vulnerability is an information disclosure that exposes the path via error messages in two potential inputs: (1) the action parameter in a request to mrarticles.php (possible quote character or invalid value) and (2) a login QUERY_STRING ...
CVE-2006-2565
Affected software: Alstrasoft Article Manager Pro 1.6. The vulnerability is an SQL injection in two parameters: author_id in profile.php and aut_id in userarticles.php. The SQL manipulation may lead to arbitrary SQL execution and, for the aut_id vector, potential resultant path disclosure if the ...
CVE-2006-2567
CVE-2006-2567 is an XSS vulnerability in the Alstrasoft Article Manager Pro 1.6, affecting the submit_article.php handler. The issue arises from unsafely handling user input in a STYLE attribute, enabling an attacker to inject JavaScript via a javascript: URI in a CSS property, potentially compro...
CVE-2007-4082
CVE-2007-4082 describes a cross-site scripting (XSS) vulnerability in AlstraSoft Article Manager Pro, exploitable via theuserid parameter in contact_author.php. The issue allows remote attackers to inject arbitrary scripts/HTML; CVSS v2 base score 4.3 (Medium) with Network attack vector, no authe...