CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2009-4786
https://notcve.org/view.php?id=CVE-2009-4786
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Pligg anterior a v1.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la cabecera HTTP Referer a (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, y (8) user_settings.php. • http://holisticinfosec.org/content/view/130/45 http://secunia.com/advisories/37349 http://www.pligg.com/blog/775/pligg-cms-1-0-3-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2009-4788
https://notcve.org/view.php?id=CVE-2009-4788
Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. Vulnerabilidad involuntaria de redirección en Pligg v1.0.2 y anteriores, permite a atacantes remotos redirigir a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través del parámetro (1) "return" a pligg/login.php y la cabecera (2) HTTP Referer a user_settings.php. • http://holisticinfosec.org/content/view/130/45 http://secunia.com/advisories/37349 http://www.pligg.com/blog/775/pligg-cms-1-0-3-release • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6968 – Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
https://notcve.org/view.php?id=CVE-2008-6968
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. Vulnerabilidad múltiple de inyección SQL en submit.php en Pligg CMS v9.9.5 permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través de los parámetros (1) category y (2) id. • https://www.exploit-db.com/exploits/6173 http://www.digitrustgroup.com/advisories/web-application-security-pligg http://www.securityfocus.com/bid/31062 https://exchange.xforce.ibmcloud.com/vulnerabilities/45086 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5739 – Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2008-5739
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. Vulnerabilidad de inyección SQL en evb/check_url.php en Pligg CMS 9.9.5 Beta permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro url. • https://www.exploit-db.com/exploits/7544 http://osvdb.org/50913 http://securityreason.com/securityalert/4817 http://www.securityfocus.com/bid/32970 https://exchange.xforce.ibmcloud.com/vulnerabilities/47571 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 3CVE-2008-3573 – Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
https://notcve.org/view.php?id=CVE-2008-3573
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. La implementación CAPTCHA en (1) Pligg 9.9.5 y posiblemente (2) Francisco Burzi PHP-Nuke 8.1, proporciona un número aleatorio crítico (el valor del ts_random) dentro de la URL en el traibuto SRC de un elemento IMG, lo que permite a atacantes remotos evitar el test CAPTCHA mediante un cálculo que combina ese valor con la fecha actual y la cadena HTTP del User-Agent. • https://www.exploit-db.com/exploits/32142 http://www.rooksecurity.com/blog/?p=17 http://www.securityfocus.com/bid/30518 https://exchange.xforce.ibmcloud.com/vulnerabilities/44192 • CWE-189: Numeric Errors CWE-264: Permissions, Privileges, and Access Controls •