4 matches found
CVE-2010-0616
EvalSMSI 2.1.03 stores passwords in cleartext in the database, enabling privilege escalation for DB-authenticated attackers; remote vector is possible via a separate SQL injection vulnerability. Affected component: evalSMSI (2.1.03). Root cause: insecure password storage combined with an external...
CVE-2010-0615
EvalSMSI 2.1.03 contains a cross-site scripting (XSS) vulnerability in assess.php, exploitable via the reports comment box in the continue_assess action. The issue allows injection of arbitrary web script/HTML. Details indicate a client-side impact with potential partial integrity impact, and the...
CVE-2010-0617
CVE-2010-0617 affects evalSMSI, specifically version 2.1.03, with a cross-site scripting (XSS) flaw in ajax.php that allows injection of arbitrary script/HTML via the return parameter. The vulnerability is cited in multiple feeds (NVD entry, OpenVAS findings) and has an NVD base score of 4.3 (Medi...
CVE-2010-0614
CVE-2010-0614 is a SQL injection in evalSMSI 2.1.03 affecting ajax.php. The vulnerability allows remote attackers to inject SQL through the query parameter in the (1) question action and potentially (2) sub_par or (3) num_quest actions. Documents confirm the affected product/version and the input...