2 matches found
CVE-2008-6372
The CVE-2008-6372 entry describes a SQL injection in Ocean12 FAQ Manager Pro 1.0. The vulnerability affects default.asp in the Cat action, where the ID parameter can be manipulated to execute arbitrary SQL commands remotely. The root cause is improper input handling leading to SQL injection. Impa...
CVE-2008-7063
The CVE refers to Ocean12 FAQ Manager Pro, where sensitive data is stored under the web root with insufficient access control. This allows remote attackers to access and download the database via a direct request to admin/o12faq.mdb, exposing data (confidentiality impact noted as partial). The ro...