2 matches found
CVE-2012-6505
CVE-2012-6505 is an XSS vulnerability in PHP Volunteer Management 1.0.2, specifically in mods/hours/data/get_hours.php where the id parameter can be abused to inject arbitrary script/HTML. Affected component is the get_hours.php routine; root cause is improper handling/validation of the id input....
CVE-2012-6504
CVE-2012-6504 affects PHP Volunteer Management 1.0.2, with the vulnerability in mods/hours/data/get_hours.php . An attacker can exploit an SQL injection via the id parameter to execute arbitrary SQL commands. The NVD metrics show a base score of 7.5 (HIGH) with network access, low attack complexi...