9 results (0.011 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. • https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d https://github.com/Piwigo/Piwigo-Guest-Book/releases/tag/1.3.1 https://vuldb.com/?ctiid.217582 https://vuldb.com/?id.217582 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 y anteriores permite a atacantes remotos inyectar secuencias de comandos arbitrarios o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN17480391/995116/index.html http://jvn.jp/en/jp/JVN17480391/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters. Múltiples vulnerabilidades de ejecución de secuencias de comandos cruzados (XSS) en gb.cgi en MRCGIGUY (MCG) Guestbook v1.0, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección a través de los parámetros (1) name, (2) email, (3) website, y (4) message. • http://evuln.com/vulns/144/summary.html http://packetstormsecurity.org/files/view/96101/mcgguestbook-xss.txt http://secunia.com/advisories/42315 http://www.securityfocus.com/archive/1/514884/100/0/threaded http://www.securityfocus.com/bid/45043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 4

KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. KMSoft Guestbook (también conocido como GBook) v1.0 almacena información sensible bajo el root web con control de acceso insuficiente, lo que permite a atacantse remotos descargar una base de datos a través de una petición directa para db/db.mdb. • https://www.exploit-db.com/exploits/11005 http://osvdb.org/61487 http://packetstormsecurity.org/1001-exploits/kmsoftgb-disclose.txt http://secunia.com/advisories/38076 http://www.exploit-db.com/exploits/11005 https://exchange.xforce.ibmcloud.com/vulnerabilities/55376 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2

admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. admin/index.php de Maian Guestbook 3.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie gbook_cookie de su elección. • https://www.exploit-db.com/exploits/6061 http://secunia.com/advisories/31070 http://www.maianscriptworld.co.uk/free-php-scripts/maian-guestbook/development/index.html http://www.securityfocus.com/bid/30203 • CWE-287: Improper Authentication •