CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-3154 – Joomla! Component Almond Classifieds com_aclassf 7.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3154
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567. Vulnerabilidad de inyección SQL en el componente Almond Classifieds (com_aclassf) v7.5 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro "replid" en la acción manw_repl add_form a index.php, un vector diferente del que aparece en CVE-2009-2567. • https://www.exploit-db.com/exploits/9258 http://secunia.com/advisories/35998 http://www.exploit-db.com/exploits/9258 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3155 – Joomla! Component Almond Classifieds com_aclassf 7.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3155
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en gmap.php en el componente Almond Classifieds (com_aclassf) v7.5 para Joomla! permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro addr. • https://www.exploit-db.com/exploits/9258 http://secunia.com/advisories/35998 http://www.exploit-db.com/exploits/9258 http://www.osvdb.org/56561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •