Page 9 of 50 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en poll_vote.php de iGaming CMS versión 1.5 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/31747 http://downloads.securityfocus.com/vulnerabilities/exploits/29059.pl http://www.securityfocus.com/bid/29059 https://exchange.xforce.ibmcloud.com/vulnerabilities/42229 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2

SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter. Vulnerabilidad de inyección SQL en RD.asp de RedDot CMS 7.5 Build 7.5.0.48, y posiblemente otras versiones incluyendo 6.5 y 7.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro LngId. RedDot CMS versions 7.5 Build 7.5.0.48 and below suffer from a remote SQL injection vulnerability in ioRD.asp. • https://www.exploit-db.com/exploits/5482 https://github.com/SECFORCE/CVE-2008-1613 http://secunia.com/advisories/29843 http://www.irmplc.com/index.php/167-Advisory-026 http://www.securityfocus.com/archive/1/491139/100/0/threaded http://www.securityfocus.com/bid/28872 https://exchange.xforce.ibmcloud.com/vulnerabilities/41924 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. Vulnerabilidad de Inyección SQL en index.php de Danneo CMS 0.5.1 y versiones anteriores, cuando la opción Referers statistics está activada, permite a atacantes remotos ejecutar comandos SQL de su elección mediante la cabecera HTTP Referer. • https://www.exploit-db.com/exploits/5239 https://exchange.xforce.ibmcloud.com/vulnerabilities/41153 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 8%CPEs: 4EXPL: 2

PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inclusión remota de archivo en PHP en blocks/block_site_map.php de ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, y (4) Shop Free 3.3.2 permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro root_folder_path. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/4722 http://osvdb.org/42628 http://secunia.com/advisories/28066 http://www.securityfocus.com/bid/26828 http://www.vupen.com/english/advisories/2007/4207 https://exchange.xforce.ibmcloud.com/vulnerabilities/38993 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 10%CPEs: 1EXPL: 7

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. Múltiples vulnerabilidades PHP de inclusión remota de archivo en Ossigeno CMS 2.2 pre1 permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro (1) level en (a) install_module.php y (b) uninstall_module.php en upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, y (d) install_module.php y (e) uninstall_module.php en upload/xax/ossigeno/admin/; y el parámetro (2) ossigeno en (f)ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, en vectores diferentes que CVE-2007-5234. • https://www.exploit-db.com/exploits/30831 https://www.exploit-db.com/exploits/30826 https://www.exploit-db.com/exploits/30827 https://www.exploit-db.com/exploits/30828 https://www.exploit-db.com/exploits/30829 https://www.exploit-db.com/exploits/30830 http://osvdb.org/44312 http://osvdb.org/44313 http://osvdb.org/44314 http://osvdb.org/44315 http://osvdb.org/44316 http://osvdb.org/44317 http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi. • CWE-20: Improper Input Validation •