2 matches found
CVE-2013-0123
CVE-2013-0123 describes multiple SQL injection vulnerabilities in the ASKIA Askiaweb administration interface. The issues allow remote attackers to execute arbitrary SQL commands through two parameters: nHistoryId (WebProd/pages/pgHistory.asp) and OrderBy (WebProd/pages/pgadmin.asp). Affected com...
CVE-2013-0124
CVE-2013-0124 concerns XSS vulnerabilities in the Askiaweb administration interface. Multiple cross-site scripting flaws allow remote attackers to inject arbitrary web script/HTML via the (1) Number parameter or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll. Affected product: ASKIA ask...