2 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action. Vulnerabilidad de inyección SQL en topics.php del módulo MyArticles 0.6 beta-1 para RunCMS permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro topic_id en una acción listarticles. • https://www.exploit-db.com/exploits/5505 http://www.securityfocus.com/bid/28952 https://exchange.xforce.ibmcloud.com/vulnerabilities/42016 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo MyArticles anterior a 0.6 beta 1, para RunCMS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados a (1) topics.php, (2) submit.php, y (3) class/calendar.class.php. • http://sourceforge.net/project/shownotes.php?release_id=466097 http://www.vupen.com/english/advisories/2006/4777 https://exchange.xforce.ibmcloud.com/vulnerabilities/30618 •