CVE-2014-4306 – WebTitan 4.01 (Build 68) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4306
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
• https://www.exploit-db.com/exploits/33699
• http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html
• https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-4307 – WebTitan 4.01 (Build 68) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4307
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
• https://www.exploit-db.com/exploits/33699
• http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html
• https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')