2 matches found
CVE-2012-4265
CVE-2012-4265 describes an SQL injection vulnerability in the PHP script category_edit.php of Proman Xpress 5.0.1. The flaw allows remote attackers to execute arbitrary SQL commands through the cid parameter. This is documented across multiple sources (NVD/Red Hat/CVE list) with the same affected...
CVE-2012-4266
CVE-2012-4266 is an XSS vulnerability in Proman Xpress 5.0.1, exploitable via the cl_comments parameter in client_details.php. The issue allows remote attackers to inject arbitrary script/HTML. Affected component is the web page logic handling cl_comments, with no documented broader impact beyond...