CVE-2008-6037

CVE-2008-6037 describes an SQL injection in the AvailScript Article Script, specifically in the file/view component view.php, exploitable via the vulnerable parameter v. The root cause is insufficient input validation/sanitization allowing an attacker to inject SQL commands, enabling an attacker ...

CVE-2008-4371

CVE-2008-4371 describes a SQL injection in AvailScript Article Script : the vulnerability resides in articles.php and is exploitable via the aIDS parameter to execute arbitrary SQL commands remotely. The CVSS v2 base score is 7.5 (HIGH), with network access, low attack complexity, and no authenti...

CVE-2008-6900

CVE-2008-6900 : Unrestricted file upload in AvailScript Article Script (Add Pen/Author Name via addpen.php) allows remote authenticated users to upload a file with an executable extension and access it under photos/, enabling arbitrary code execution. CVSSv2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P wit...

CVE-2008-4372

CVE-2008-4372 is an XSS vulnerability in the AvailScript Article Script, specifically in articles.php, exploitable via the aIDS parameter. This allows remote attackers to inject arbitrary web script or HTML. Public references (NVD, CVE lists) list a CVSS v2 base score of 4.3 (Medium) with user in...