2 matches found
CVE-2006-6218
CVE-2006-6218 relates to dev4u CMS, where index.php is vulnerable to SQL injection via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters. The root cause is improper handling/sanitization of input used in SQL queries, allowing remote attackers to alter the intended query and execut...
CVE-2006-6219
dev4u CMS is affected by multiple cross-site scripting (XSS) flaws in index.php, exploitable via the parameters (1) user_name, (2) passwort, and (3) go_target. The issue allows remote attackers to inject arbitrary web script or HTML. CVSSv2 base score is 6.8 (MEDIUM), with NETWORK attack vector, ...