2 matches found
CVE-2009-4926
CVE-2009-4926 concerns Online Contact Manager (formerly EContact PRO) 3.0, which has multiple XSS vulnerabilities. The issue is exploitable via the showGroup parameter to index.php and via the id parameter to view.php, email.php, edit.php, and delete.php, enabling remote attackers to inject arbit...
CVE-2010-5001
The CVE-2010-5001 entry concerns the esoftpro Online Contact Manager 3.0. The vulnerability is a SQL injection in view.php triggered by the id parameter, allowing remote attackers to execute arbitrary SQL commands. Root cause is unsanitized input in the id parameter leading to unintended query ma...