CVE-2014-100031 – GDL 4.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-100031
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
References:
• https://www.exploit-db.com/exploits/31961
• http://packetstormsecurity.com/files/125464
• http://secunia.com/advisories/57171
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91554
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-0965 – GDL 4.x - 'node' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0965
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
References:
• https://www.exploit-db.com/exploits/8228
• http://osvdb.org/52803
• http://www.securityfocus.com/bid/34144
• http://www.vupen.com/english/advisories/2009/0751
• https://exchange.xforce.ibmcloud.com/vulnerabilities/49292
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')