CVSS: 9.8EPSS: 1%CPEs: 132EXPL: 4CVE-2010-4006 – WSN Links - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4006
03 Nov 2010 — Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. Múltiples vulnerabilidades de inyección SQL en search.php en WSN Links v5.0.x anterior a v5.0.81, v5.1.x anterior a v5.1.51, y v6.0.x anterior a v6.0.1, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) namecondition o (2) ... • https://www.exploit-db.com/exploits/15607 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6031 – WSN Links 2.22/2.23 - 'vote.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6031
03 Feb 2009 — SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable. Una vulnerabilidad de inyección SQL en el archivo vote.php en WSN Links versiones 2.22 y 2.23, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro id. NOTA: más tarde se reportó que la versión 2.34 también es vulnerable. • https://www.exploit-db.com/exploits/6524 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6032 – WSN Links Free 4.0.34P - 'comments.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6032
03 Feb 2009 — SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el comments.php en WSN Links Free v4.0.34P permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id". • https://www.exploit-db.com/exploits/6529 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6033 – WSN Links 2.20 - 'comments.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6033
03 Feb 2009 — SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el archivo comments.php en WSN Links 2.20 que permite a los atacantes remoto, ejecutar arbitrariamente comandos SQL a través del parámetro id. • https://www.exploit-db.com/exploits/6525 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 1%CPEs: 90EXPL: 1CVE-2008-3555 – Wsn (Multiple Products) - Local File Inclusion / Code Execution
https://notcve.org/view.php?id=CVE-2008-3555
08 Aug 2008 — Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. Una vulnerabilidad de salto de directorio en el archivo index.php en (1) WSN Forum versión 4.1.43 y... • https://www.exploit-db.com/exploits/6208 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2007-3981 – WSN Links Basic Edition - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3981
25 Jul 2007 — SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action. Vulnerabilidad de inyección SQL en index.php de WSN Links Basic Edition permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid en una acción displaycat. • https://www.exploit-db.com/exploits/4209 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2006-5421 – WSN Forum 1.3.4 - 'prestart.php' Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-5421
20 Oct 2006 — WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability. WSN Forum 1.3.4 y anteriores permite a un atacante remoto ejecutar código PHP de su elección a través de una nombre de camino modificado en el pa... • https://www.exploit-db.com/exploits/2583 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2005-3939 – WSN Knowledge Base 1.2 - 'comments.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3939
01 Dec 2005 — Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php. • https://www.exploit-db.com/exploits/26680 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2005-3916 – WSN Forum 1.21 - 'memberlist.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3916
30 Nov 2005 — SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action. • https://www.exploit-db.com/exploits/26567 •