2 matches found
CVE-2006-4822
CVE-2006-4822 describes multiple cross-site scripting (XSS) vulnerabilities in the index.php file of eMuSOFT emuCMS 0.3 and earlier. The flaws allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters. The impact is typical for reflected/persistent XSS...
CVE-2008-2891
CVE-2008-2891 corresponds to a SQL injection in the PHP script implementing eMuSOFT’s emuCMS 0.3. The vulnerability is triggered via the cat_id parameter in a category action within index.php, allowing remote attackers to execute arbitrary SQL commands. The core issue is improper input handling i...