2 matches found
CVE-2010-4851
CVE-2010-4851 affects Eclime 1.1.2b. The OpenVAS/NVD entries document multiple SQL injection vulnerabilities in the web app, exploitable via (1) ref and (2) poll_id parameters to index.php and (3) country parameter to create_account.php. Attacks can lead to arbitrary SQL execution and exposure of...
CVE-2010-4852
CVE-2010-4852 affects Eclime 1.1.2b, where login.php’s reason parameter is vulnerable to cross-site scripting (XSS) due to insufficient input sanitization. Exploitation could cause arbitrary script/HTML execution in a user’s browser. Concrete details across connected records confirm the vulnerabl...