SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.
8.5AI Score
0.006EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
5.7AI Score
0.01EPSS
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php.
8.4AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.
5.6AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action.
8.5AI Score
0.008EPSS
Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already c...
5.8AI Score
0.01EPSS
Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
6.7AI Score
0.005EPSS
SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show pa...
8.4AI Score
0.008EPSS
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.
8.4AI Score
0.001EPSS