2 matches found
CVE-2006-2685
CVE-2006-2685 affects BASE 1.2.4 and earlier. When PHP register_globals is enabled, the base_qry_common.php script accepts a BASE_path parameter that can include arbitrary files, enabling remote PHP code execution via (1) base_qry_common.php, (2) base_stat_common.php, or (3) includes/base_include...
CVE-2006-1590
CVE-2006-1590 is an XSS vulnerability in BASE 1.2.4 and ACID 0.9.6b23 (PrintFreshPage function). The issue allows remote attackers to inject arbitrary script/HTML via: (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, (c) submit parameter to base_qry_alert....