2 matches found
CVE-2008-2492
CVE-2008-2492 describes multiple SQL injection flaws in Campus Bulletin Board 3.4 that allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and (2) review parameter to post3/book.asp. The connected documents confirm the vulnerable components and impa...
CVE-2008-2493
CVE-2008-2493 describes a Cross-site scripting (XSS) vulnerability in Campus Bulletin Board 3.4, specifically in post3/Book.asp where the review parameter can be used to inject arbitrary script or HTML. The affected component is the review parameter within post3/Book.asp; no root-cause details or...