CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-3981 – WSN Links Basic Edition - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3981
SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action. Vulnerabilidad de inyección SQL en index.php de WSN Links Basic Edition permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro catid en una acción displaycat. • https://www.exploit-db.com/exploits/4209 http://osvdb.org/36270 http://secunia.com/advisories/26246 http://www.securityfocus.com/bid/24996 http://www.vupen.com/english/advisories/2007/2615 https://exchange.xforce.ibmcloud.com/vulnerabilities/35543 •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 1CVE-2006-5421 – WSN Forum 1.3.4 - 'prestart.php' Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-5421
WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability. WSN Forum 1.3.4 y anteriores permite a un atacante remoto ejecutar código PHP de su elección a través de una nombre de camino modificado en el parámetro pathtoconfig que apunta a una imagen avatar que contiene código PHP, lo cual se alcanza desde prestart.php. NOTA: este asunto ha sido etiquetado en la inclusión remota de archivo, pero la etiqueta solo se aplica al ataque, no a la vulnerabilidad subrayada. • https://www.exploit-db.com/exploits/2583 http://secunia.com/advisories/22360 http://www.securityfocus.com/bid/20586 http://www.vupen.com/english/advisories/2006/4081 https://exchange.xforce.ibmcloud.com/vulnerabilities/29635 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 4CVE-2005-3939 – WSN Knowledge Base 1.2 - 'comments.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3939
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php. • https://www.exploit-db.com/exploits/26680 https://www.exploit-db.com/exploits/26679 https://www.exploit-db.com/exploits/26681 http://pridels0.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html http://secunia.com/advisories/17810 http://www.osvdb.org/21262 http://www.osvdb.org/21263 http://www.osvdb.org/21264 http://www.securityfocus.com/bid/15656 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2005-3916 – WSN Forum 1.21 - 'memberlist.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3916
SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action. • https://www.exploit-db.com/exploits/26567 http://pridels0.blogspot.com/2005/11/wsn-forum-id-sql-injection.html http://secunia.com/advisories/17694 http://www.osvdb.org/21068 http://www.securityfocus.com/bid/15549 http://www.vupen.com/english/advisories/2005/2548 •