Lucene search
K
ArablessSaphplesson

6 matches found

CVE
CVE
added 2006/06/06 8:3 p.m.108 views

CVE-2006-2835

CVE-2006-2835: The connected documents confirm a SQL injection vulnerability in Saphplesson 2.0, enabling remote attackers to execute arbitrary SQL commands via the forumid parameter in add.php or the lessid parameter in show.php. The issue’s root cause is not explicitly described in the provided...

7.5CVSS8.3AI score0.01277EPSS
CVE
CVE
added 2006/03/28 8:0 p.m.54 views

CVE-2006-1420

The CVE-2006-1420 entry describes an SQL injection vulnerability in the PHP application component print.php of SaphpLesson 2.0 . The flaw allows remote attackers to execute arbitrary SQL commands through the lessid parameter. The available connected sources confirm the affected module and input v...

5CVSS8.4AI score0.01072EPSS
CVE
CVE
added 2009/08/20 5:0 p.m.50 views

CVE-2009-2883

An SQL injection vulnerability in SaphpLesson 4.0 (admin/login.php) can be triggered when magic_quotes_gpc is disabled, allowing remote attackers to execute arbitrary SQL via the cp_username parameter. The issue is related to an error in the CleanVar function in includes/functions.php. CVSS v2 ba...

6.8CVSS8.7AI score0.00903EPSS
Web
CVE
CVE
added 2006/05/09 11:0 p.m.49 views

CVE-2006-2278

SaphpLesson 3.0 contains an input handling flaw: it does not initialize array variables, enabling an attacker to disclose the full filesystem path via non-array parameters. The affected vectors are (1) hrow to show.php or index.php; (2) Lsnrow to showcat.php; and (3) rows to index.php. This is a ...

5CVSS6.6AI score0.01582EPSS
CVE
CVE
added 2006/05/09 11:0 p.m.40 views

CVE-2006-2279

CVE-2006-2279 affects SaphpLesson 3.0 with multiple SQL injection flaws. The vulnerability allows remote attackers to execute arbitrary SQL via (1) Find parameter in search.php and (2) LID and (3) Rate parameters in misc.php. NVD lists a base score of 7.5 (HIGH) with network attack vector and no ...

7.5CVSS8.5AI score0.02148EPSS
CVE
CVE
added 2006/04/11 11:0 p.m.38 views

CVE-2006-1720

SaphpLesson 3.0 is affected by an XSS in search.php via the Word parameter. The issue may stem from SQL injection, per the CVE description. Detailing: vulnerable component is search.php (Word param in SaphpLesson 3.0), root cause is unsanitized input leading to script/HTML injection. Impact per s...

4.3CVSS6.4AI score0.01176EPSS