2 results (0.014 seconds)

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente DJ-artgallery (com_djartgallery) v0.9.1 para Joomla! permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro cid[] en una acción EditItem a administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65187 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 https://exchange.xforce.ibmcloud.com/vulnerabilities/59142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3

Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente DJ-ArtGallery (com_djartgallery) de 0.9.1 for Joomla!. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro cid[] en una acción editItem de administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65188 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 http://www.vupen.com/english/advisories/2010/1374 https://exchange.xforce.ibmcloud.com/vulnerabilities/59143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •