2 matches found
CVE-2008-3944
The CVE-2008-3944 entry describes a SQL injection vulnerability in the ACG-PTP 1.0.6 application, specifically in index.php where the adid parameter used in an adorder action can be exploited by a remote attacker to execute arbitrary SQL commands. The issue is tied to unsanitized input in adid, e...
CVE-2008-3782
Multiple XSS vulnerabilities exist in admin/index.php of ACG-PTP 1.0.6, allowing remote authenticated administrators to inject arbitrary web script or HTML. The flaws are triggered via (1) Category name under Advertisement Packages, (2) Reason under Credit/Debit Users, and (3) FAQ question and (4...