9 matches found
CVE-2012-3350
The CVE-2012-3350 entry refers to a Blind SQL Injection in Webmatic 3.1.1 (vendor: valarsoft.com) via the Referer HTTP header fed to index.php. The underlying issue is improper sanitization of input used in SQL queries, enabling remote attackers to infer data (e.g., via time-based techniques) and...
CVE-2007-3727
Technical details are not publicly provided in the supplied documents; no affected components, versions beyond "Webmatic before 2.7", or impact vectors are specified. Monitor for updates.
CVE-2008-2924
Technical details about CVE-2008-2924 are not provided in the supplied documents; no affected versions, vectors, or fixes are specified. Monitor for official disclosures for updates.
CVE-2009-4379
Valarsoft Webmatic is affected by CVE-2009-4379: multiple Cross-Site Scripting (XSS) vulnerabilities in Webmatic before 3.0.3 that allow remote attackers to inject arbitrary scripts/HTML via unspecified vectors. The vulnerability is documented across sources such as NVD and OpenVAS; CVSS v2 base ...
CVE-2009-4380
Valarsoft Webmatic is affected by CVE-2009-4380: multiple SQL injection vulnerabilities in Webmatic before version 3.0.3. The root cause is SQL injection via unspecified vectors, enabling remote attackers to execute arbitrary SQL commands. The CVE is referenced across multiple sources (NVD, Red H...
CVE-2007-0839
The CVE-2007-0839 entry describes multiple PHP remote file inclusion vulnerabilities in Valarsoft WebMatic 2.6, exploitable via index/index_album.php through the P_LIB and P_INDEX parameters. The underlying issue is remote code execution by providing a URL for these parameters, enabling an attack...
CVE-2008-2925
CVE-2008-2925 affects Webmatic before 2.8. It is a SQL injection vulnerability allowing remote execution of arbitrary SQL commands via unspecified vectors. Connected sources confirm the vendor/product and vulnerability class, but no explicit exploit details or patch/version remediation are provid...
CVE-2007-3648
CVE-2007-3648 describes an SQL injection vulnerability in Webmatic prior to 2.6.2, with possible victims in versions before 2.7. The vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors, with potential relevance to admin/admin_album.php and admin/admin_d...
CVE-2010-4808
The provided documents confirm a SQL injection vulnerability in Webmatic’s index.php exploitable via the p parameter, enabling remote execution of arbitrary SQL commands. Affected software/component: Webmatic (index.php). Root cause: improper handling of the p parameter leading to SQL injection. ...