2 matches found
CVE-2008-2205
CVE-2008-2205 describes an SQL injection in Maian Music 1.1: the vulnerable component is index.php handling the album action, where the album parameter is exploitable. The underlying cause is unsanitized user input that is used to compose SQL queries, enabling remote attackers to execute arbitrar...
CVE-2008-2206
CVE-2008-2206 affects Maian Music 1.1 and describes multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via two vectors: (1) the keywords parameter in a search action to index.php, and (2) the msg_script parameter to admin/...