CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2010-4856 – xWeblog 2.2 - 'arsiv.asp?tarih' SQL Injection
https://notcve.org/view.php?id=CVE-2010-4856
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter. Vulnerabilidad de inyección SQL en arsiv.asp de xWeblog 2.2. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro tarih. • https://www.exploit-db.com/exploits/15219 http://www.exploit-db.com/exploits/15219 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2010-4855 – xWeblog 2.2 - 'oku.asp?makale_id' SQL Injection
https://notcve.org/view.php?id=CVE-2010-4855
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter. Vulnerabilidad de inyección SQL en oku.asp de xWeblog 2.2. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro makale_id. • https://www.exploit-db.com/exploits/15218 http://packetstormsecurity.org/1010-exploits/xweblog22-sql.txt http://secunia.com/advisories/41708 http://securityreason.com/securityalert/8414 http://www.exploit-db.com/exploits/15218 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •