2 matches found
CVE-2009-3349
Datavore Gyro 5.0 is affected by a SQL injection vulnerability in the home component’s cat action, exploitable via the cid parameter. This allows remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network attack vector and no authentica...
CVE-2009-3348
CVE-2009-3348 is an XSS vulnerability affecting Datavore Gyro 5.0. The issue arises from the cid parameter in a cat action to the home component , allowing remote attackers to inject arbitrary web script or HTML. The connected documents confirm the vulnerability description but do not provide exp...