2 matches found
CVE-2008-6037
CVE-2008-6037 describes an SQL injection in the AvailScript Article Script, specifically in the file/view component view.php, exploitable via the vulnerable parameter v. The root cause is insufficient input validation/sanitization allowing an attacker to inject SQL commands, enabling an attacker ...
CVE-2008-6900
CVE-2008-6900 : Unrestricted file upload in AvailScript Article Script (Add Pen/Author Name via addpen.php) allows remote authenticated users to upload a file with an executable extension and access it under photos/, enabling arbitrary code execution. CVSSv2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P wit...