3 matches found
CVE-2008-3192
CVE-2008-3192 affects jSite 1.0 OE; a directory traversal flaw in index.php allows remote attackers to include and execute arbitrary local files via a .. in the module parameter. The issue enables local file inclusion (LFI) with potential code execution. The vulnerability is documented in multipl...
CVE-2008-7301
CVE-2008-7301 is a SQL injection vulnerability affecting jSite 1.0 OE in admin/login.php, exploitable via the username parameter to execute arbitrary SQL. The CVSSv2 base score is 7.5 (HIGH) with Network access and low attack complexity; impacts to confidentiality, integrity, and availability are...
CVE-2008-3193
CVE-2008-3193 describes a SQL injection vulnerability in jSite 1.0 OE . An attacker can trigger arbitrary SQL commands by manipulating the page parameter of the default URI, enabling remote execution without authentication (per CVSS 2.0: AV:N/AC:L/Au:N/C:P/I:P/A:P). The connected records corrobor...