2 matches found
CVE-2013-7189
CVE-2013-7189 : iScripts AutoHoster ≤ 2.4 contains multiple SQL injection vulnerabilities. An attacker can exploit the cmbdomain parameter in checktransferstatus.php, checktransferstatusbck.php, or additionalsettings.php, or the invno parameter in payinvoiceothers.php, to execute arbitrary SQL co...
CVE-2013-7190
CVE-2013-7190 describes multiple directory traversal vulnerabilities affecting iScripts AutoHoster (likely <= 2.4). The issues allow remote attackers to read arbitrary files through 1) websitebuilder/showtemplateimage.php (tmpid), 2) admin/downloadfile.php (fname), 3) support/admin/csvdownload...