3 matches found
CVE-2008-6530
The CVE-2008-6530 entry describes an Unrestricted file upload in editimage.php of eZoneScripts Living Local 1.1 . The vulnerability permits remote authenticated administrators to upload a file with an executable extension and then access it directly to execute arbitrary PHP code. This can comprom...
CVE-2008-6529
CVE-2008-6529 : The vulnerability is a cross-site scripting (XSS) flaw in listtest.php of eZoneScripts Living Local 1.1. The underlying issue is that an attacker can inject arbitrary web script or HTML via the r parameter. The entry shows a CVSSv2 base score of 4.3 (MEDIUM) with network attack ve...
CVE-2008-3943
CVE-2008-3943 describes an SQL injection in listtest.php of the eZoneScripts Living Local 1.1 application, exploitable via the r parameter. Root cause: unsafely constructed SQL queries from user input leading to arbitrary SQL execution. Impact: partial confidentiality, integrity, and availability...