Banana Dance Security Vulnerabilities and Issues — Banana Dance CVE List

Lucene search

BananadanceBanana Dance

6 matches found

CVE•added 2014/10/21 2:55 p.m.•47 views

CVE-2012-5242

Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

6.8CVSS7AI score0.0512EPSS

CVE•added 2014/10/21 2:55 p.m.•47 views

CVE-2012-5243

functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

5CVSS6.3AI score0.11563EPSS

CVE•added 2012/09/15 5:55 p.m.•44 views

CVE-2011-5176

Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter.

4.3CVSS6AI score0.00225EPSS

CVE•added 2014/10/20 2:55 p.m.•43 views

CVE-2012-5244

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter t...

7.5CVSS8.5AI score0.03544EPSS

CVE•added 2012/09/15 5:55 p.m.•40 views

CVE-2011-5168

SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.7AI score0.00275EPSS

CVE•added 2012/09/15 5:55 p.m.•27 views

CVE-2011-5175

SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5CVSS8.8AI score0.0042EPSS