CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 1CVE-2008-4620 – Meeting Room Booking System (MRBS) < 1.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-4620
21 Oct 2008 — SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php. Vulnerabilidad de inyección SQL en Meeting Room Booking System (MRBS) versiones anteriores a v1.4 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "area" en (1) month.php, y posiblemente en (2) day.php y (3) week.php. • https://www.exploit-db.com/exploits/6781 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 7CVE-2008-3565 – Meeting Room Booking System (MRBS) 1.2.6 - 'help.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3565
10 Aug 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Meeting Room Booking System (MRBS) 1.2.6... • https://www.exploit-db.com/exploits/32149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 4CVE-2007-6538 – MRBS 1.2.x - 'view_entry.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6538
27 Dec 2007 — SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. Una vulnerabilidad de inyección SQL en el archivo ing/blocks/mrbs/code/web/view_entry.php en el plugin MRBS para Moodle, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro id. • https://www.exploit-db.com/exploits/30921 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •