2 results (0.002 seconds)

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters. • https://www.exploit-db.com/exploits/27837 http://secunia.com/advisories/19989 http://securitytracker.com/id?1016062 http://www.hamid.ir/security/evotopsites.txt http://www.osvdb.org/25440 http://www.securityfocus.com/bid/17893 http://www.vupen.com/english/advisories/2006/1689 https://exchange.xforce.ibmcloud.com/vulnerabilities/26328 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters. • http://securityreason.com/securityalert/544 http://www.osvdb.org/23826 http://www.securityfocus.com/archive/1/426826/100/0/threaded http://www.securityfocus.com/archive/1/431869/100/0/threaded http://www.securityfocus.com/bid/16983 •