2 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. Kisisel Radyo Script almacena información confidencial bajo la carpeta raíz web con controles de acceso insuficientes; lo que permite, a atacantes remotos, descargar una base de datos a través de una petición directa a sevvo/eco23.mdb. • https://www.exploit-db.com/exploits/15270 http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt http://secunia.com/advisories/41816 http://www.exploit-db.com/exploits/15270 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. Vulnerabilidad de Inyección SQL en radyo.asp en Kisisel Radyo Script permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro ID. • https://www.exploit-db.com/exploits/15270 http://packetstormsecurity.org/1010-exploits/kisiselradyoscript-disclose.txt http://secunia.com/advisories/41816 http://www.exploit-db.com/exploits/15270 http://www.securityfocus.com/bid/44155 https://exchange.xforce.ibmcloud.com/vulnerabilities/62600 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •