3 matches found
CVE-2009-3756
The vulnerability CVE-2009-3756 affects phpBMS 0.96. An information-disclosure flaw allows remote attackers to obtain the installation path by directly requesting (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, or (4) choicelist.php. The error message reveals the instal...
CVE-2009-3754
CVE-2009-3754 affects phpBMS 0.96, with multiple SQL injection vulnerabilities. The flaws allow remote attackers to craft input to three endpoints—modules/bms/invoices_discount_ajax.php (id parameter), dbgraphic.php (f parameter), and advancedsearch.php (tid parameter in a show action)—to execute...
CVE-2009-3755
phpBMS 0.96 is affected by multiple cross-site scripting (XSS) vulnerabilities triggered by PATH_INFO input. The issues affect index.php and modules/base/myaccount.php, as well as modules_view.php, tabledefs_options.php, and adminsettings.php within phpbms\modules\base. The root cause is improper...