CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Aug 2009 — SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter. • https://www.exploit-db.com/exploits/7086 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

24 Aug 2009 — AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php. • https://www.exploit-db.com/exploits/7086 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

24 Aug 2009 — AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/7086 • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 2

24 Aug 2009 — AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/. • https://www.exploit-db.com/exploits/7081 • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

17 Aug 2009 — SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action. • https://www.exploit-db.com/exploits/12346 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

14 Apr 2009 — SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field). • https://www.exploit-db.com/exploits/6932 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')