CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2205
https://notcve.org/view.php?id=CVE-2008-2205
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. Vulnerabilidad de inyección SQL en index.php de Maian Music 1.1, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro album en una acción album. • http://secunia.com/advisories/30066 http://securityreason.com/securityalert/3884 http://www.securityfocus.com/archive/1/491590/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2206
https://notcve.org/view.php?id=CVE-2008-2206
Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados en Maian Music 1.1 permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de (1) el parámetro keywords en una acción de búsqueda en index.php, y de (2)el parámetro msg_script de admin/inc/footer.php. • http://secunia.com/advisories/30066 http://securityreason.com/securityalert/3884 http://www.securityfocus.com/archive/1/491590/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42210 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •