4 matches found
CVE-2008-7269
CVE-2008-7269 is an open-redirect flaw affecting SiteEngine 5.x (notably in api.php) where a user-controlled forward parameter in a logout action can redirect victims to arbitrary sites. The vulnerability enables user-assisted remote attack chains for phishing or similar redirects. The Nuclei tem...
CVE-2008-7267
CVE-2008-7267 describes a SQL injection in SiteEngine 5.x, specifically in announcements.php, where the vulnerable parameter is id. The root cause is improper handling of user input leading to arbitrary SQL execution by remote attackers. Impact is partial confidentiality/integrity/availability lo...
CVE-2008-7268
SiteEngine 5.x is affected by CVE-2008-7268 via a phpinfo information-disclosure in misc.php when action=php_info is supplied, allowing remote attackers to obtain system information. The connected documents reiterate the description; no remediation patch/version is provided in the supplied source...
CVE-2010-4357
CVE-2010-4357: SiteEngine 7.1 contains a SQL injection in comments.php via the module parameter, enabling remote arbitrary SQL execution. Technical detail: vulnerable component is the comments.php handler in SiteEngine 7.1; exploit vector is passing crafted module parameters to trigger SQL comman...