2 matches found
CVE-2005-2468
The CVE-2005-2468 entry describes multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier that allow remote attackers to execute arbitrary SQL commands. Affected functions include isCorrectPassword and userExist in class.auth.php, getCustomFieldReport in custom_fields.php, (5) c...
CVE-2005-2467
CVE-2005-2467 describes multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier . The flaws allow remote attackers to inject arbitrary web script or HTML via parameters: (1) the id parameter to view.php , (2) the release parameter to list.php , or (3) the F paramete...