2 matches found
CVE-2010-2317
CVE-2010-2317 concerns multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier. The flaws allow remote attackers to inject arbitrary SQL through specific parameters: default.asp: (1) search, (2) sbr, (3) pid, (4) sbl, (5) FilePath; and printpage.asp: (6) sbr, (7) pr, (8) psPrice. The des...
CVE-2010-2316
CVE-2010-2316 describes multiple cross-site scripting (XSS) vulnerabilities in WmsCms 2.0 and earlier, affecting default.asp and related endpoints. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, with vectors dif...