6 matches found
CVE-2006-2835
CVE-2006-2835: The connected documents confirm a SQL injection vulnerability in Saphplesson 2.0, enabling remote attackers to execute arbitrary SQL commands via the forumid parameter in add.php or the lessid parameter in show.php. The issue’s root cause is not explicitly described in the provided...
CVE-2006-1420
The CVE-2006-1420 entry describes an SQL injection vulnerability in the PHP application component print.php of SaphpLesson 2.0 . The flaw allows remote attackers to execute arbitrary SQL commands through the lessid parameter. The available connected sources confirm the affected module and input v...
CVE-2009-2883
An SQL injection vulnerability in SaphpLesson 4.0 (admin/login.php) can be triggered when magic_quotes_gpc is disabled, allowing remote attackers to execute arbitrary SQL via the cp_username parameter. The issue is related to an error in the CleanVar function in includes/functions.php. CVSS v2 ba...
CVE-2006-2278
SaphpLesson 3.0 contains an input handling flaw: it does not initialize array variables, enabling an attacker to disclose the full filesystem path via non-array parameters. The affected vectors are (1) hrow to show.php or index.php; (2) Lsnrow to showcat.php; and (3) rows to index.php. This is a ...
CVE-2006-2279
CVE-2006-2279 affects SaphpLesson 3.0 with multiple SQL injection flaws. The vulnerability allows remote attackers to execute arbitrary SQL via (1) Find parameter in search.php and (2) LID and (3) Rate parameters in misc.php. NVD lists a base score of 7.5 (HIGH) with network attack vector and no ...
CVE-2006-1720
SaphpLesson 3.0 is affected by an XSS in search.php via the Word parameter. The issue may stem from SQL injection, per the CVE description. Detailing: vulnerable component is search.php (Word param in SaphpLesson 3.0), root cause is unsanitized input leading to script/HTML injection. Impact per s...