CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4459 – eXtrovert software Thyme 1.3 - 'pick_users.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4459
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en pick_users.php en el módulo de grupos en el software eXtrovert Thyme v1.3 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro uname_search. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceras partes. • https://www.exploit-db.com/exploits/32342 http://secunia.com/advisories/31782 http://www.digitrustgroup.com/advisories/web-application-security-thyme.html http://www.securityfocus.com/bid/31063 https://exchange.xforce.ibmcloud.com/vulnerabilities/44970 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-2621 – Thyme Calendar 1.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-2621
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. Vulnerabilidad de inyección SQL en event_view.php en Thyme Calendar 1.3 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro eid. • https://www.exploit-db.com/exploits/3895 http://osvdb.org/35971 http://secunia.com/advisories/25234 http://www.securityfocus.com/bid/23912 http://www.vupen.com/english/advisories/2007/1771 https://exchange.xforce.ibmcloud.com/vulnerabilities/34211 •