CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2014-100031 – GDL 4.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-100031
13 Jan 2015 — Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. Múltiples vulnerabilidades de inyección SQL en Ganesha Digital Library (GDL) 4.2 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id en (1) download.php o (2) main.php. • https://www.exploit-db.com/exploits/31961 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0965 – GDL 4.x - 'node' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0965
19 Mar 2009 — SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php. Vulnerabilidad de inyección SQL en functions/browse.php en Ganesha Digital Library (GDL) v4.0 y v4.2, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "node" en una acción "browse" a gdl.php. • https://www.exploit-db.com/exploits/8228 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •