2 matches found
CVE-2009-0529
The CVE-2009-0529 entry describes an XSS vulnerability in SnippetMaster Webpage Editor 2.2.2, where index.php accepts a language parameter that can be exploited to inject arbitrary web script or HTML by remote attackers. This is triggered via the language parameter and does not provide details on...
CVE-2009-0530
CVE-2009-0530: The vulnerability lies in SnippetMaster 2.2.2 where remote file inclusion is possible when PHP register_globals is enabled. An attacker can cause arbitrary PHP code execution by supplying a URL through (1) _SESSION[SCRIPT_PATH] to includes/vars.inc.php and (2) g_pcltar_lib_dir to i...