2 matches found
CVE-2009-3211
CVE-2009-3211 describes a directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x. When magic_quotes_gpc is disabled, remote attackers can read arbitrary files by injecting a .. into the options[style_dir] parameter of the default URI. The NVD entry lists a base score of 6.8 (Medi...
CVE-2009-3212
The CVE-2009-3212 entry describes an SQL injection in VivaPrograms Infinity Script 2.x.x when magic_quotes_gpc is disabled. The underlying issue is improper sanitization/escaping of the username field, enabling remote attackers to craft inputs that alter SQL queries. Impact is described as arbitr...