Lucene search
K
FreereprintablesArticlefr

7 matches found

CVE
CVE
added 2020/02/13 6:47 p.m.68 views

CVE-2014-4170

CVE-2014-4170 describes an improper access control vulnerability in ArticleFR (Free Reprintables) where the data.php script lacks sufficient restrictions. A remote attacker can issue crafted requests to /data.php and execute arbitrary UPDATE SQL commands, enabling modification or deletion of data...

9.8CVSS9.2AI score0.14484EPSS
Web
CVE
CVE
added 2015/01/27 5:0 p.m.56 views

CVE-2015-1364

CVE-2015-1364 concerns the Free Reprintables ArticleFR CMS 3.0.5. The vulnerability is a SQL injection in the function getProfile (file: system/profile.functions.php) where the vulnerable parameter is username . The query shown is: SELECT ... FROM users WHERE username = '" . $_username . "' which...

7.5CVSS8.6AI score0.01342EPSS
Web
CVE
CVE
added 2020/01/15 6:15 p.m.56 views

CVE-2015-6591

The CVE-2015-6591 entry concerns Free Reprintables ArticleFR 3.0.7 and earlier. It affects the web application path application/templates/amelia/loadjs.php, where the s parameter is used to read files via file_get_contents without proper validation, enabling local arbitrary file read by a non-aut...

5.5CVSS5.3AI score0.00582EPSS
Web
CVE
CVE
added 2015/01/27 5:0 p.m.55 views

CVE-2015-1363

CVE-2015-1363 concerns Free Reprintables ArticleFR CMS 3.0.5. Affected component: search/v/ query parameter q. Underlying issue: cross-site scripting (XSS) allowing remote attackers to inject arbitrary script/HTML. Impact as per sources: script execution in the victim’s browser. Exploitation cont...

4.3CVSS5.8AI score0.01892EPSS
Web
CVE
CVE
added 2014/08/22 2:0 p.m.49 views

CVE-2014-5097

CVE-2014-5097 describes SQL injection in ArticleFR CMS (Free Reprintables) versions 3.0.4 and earlier. The vulnerability arises from insufficient sanitization of the HTTP GET parameter “id” passed to /rate.php when act is either “get” or “set,” allowing remote attackers to execute arbitrary SQL c...

7.5CVSS8.6AI score0.02348EPSS
Web
CVE
CVE
added 2015/07/16 3:0 p.m.49 views

CVE-2015-5530

CVE-2015-5530 affects Free Reprintables ArticleFR 3.0.6. The vulnerability is CSRF that lets an attacker cause an admin account to be created via dashboard/users/create/, effectively hijacking an administrator’s authentication context. The NVD entry lists a base score of 6.8 (Medium) with network...

6.8CVSS7.3AI score0.01221EPSS
Web
CVE
CVE
added 2015/07/16 3:0 p.m.47 views

CVE-2015-5529

Affected software: Free Reprintables ArticleFR 3.0.6. Vulnerable components: dashboard/settings/categories/ (name parameter), dashboard/settings/links/ (title and rel parameters), dashboard/tools/pingservers/ (url parameter). Issue: stored cross-site scripting due to inadequate input sanitization...

4.3CVSS5.9AI score0.03308EPSS
Web