2 matches found
CVE-2009-4693
GraFX MiniCWB 2.3.0 is affected by multiple PHP remote file inclusion vulnerabilities that allow remote code execution via a URL in the LANG parameter targeting language/en.inc.php, language/hu.inc.php, language/no.inc.php, language/ro.inc.php, and language/ru.inc.php. The root cause is unsafe in...
CVE-2008-6620
GraFX miniCWB 2.1.1 and earlier are affected by CVE-2008-6620: multiple XSS vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php. The issue allows remote attackers to inject arbitrary web script or HTML through (1) errcontext, (2) _GET, (3) _POST, (4)...