2 matches found
CVE-2009-4206
CVE-2009-4206 describes an SQL injection in admin.link.modify.php for Million Dollar Text Links 1.0 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the id parameter. This is consistent with the NVD entry (CVSSv2 base score 7.5, HIGH) indicating network...
CVE-2009-1854
CVE-2009-1854 applies to Million Dollar Text Links 1.0 , where remote attackers can bypass authentication and gain administrative access by setting the userid cookie to 1. The NVD entry scores it as CVSSv2: 7.5 (HIGH) with network access, low complexity, and no authentication required, resulting ...