Galatolo Webmanager Security Vulnerabilities and Issues — Galatolo Webmanager CVE List

Lucene search

GwmGalatolo Webmanager

5 matches found

CVE•added 2009/02/23 5:30 p.m.•46 views

CVE-2008-6249

SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.7AI score0.00184EPSS

Web

CVE•added 2009/02/10 10:0 p.m.•37 views

CVE-2008-6108

Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.

4.3CVSS5.9AI score0.00141EPSS

CVE•added 2009/02/26 4:17 p.m.•37 views

CVE-2008-6300

Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

7.5CVSS7.1AI score0.01526EPSS

CVE•added 2008/06/13 7:41 p.m.•31 views

CVE-2008-2699

Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php.

7.5CVSS7.4AI score0.01839EPSS

Web

CVE•added 2008/06/13 7:41 p.m.•28 views

CVE-2008-2700

SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.4AI score0.00284EPSS