CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0377 – Joomla! Component beamospetition 1.0.12 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0377
02 Feb 2009 — SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. Vulnerabilidad de inyección SQL en el componente beamospetition (com_beamospetition) v1.0.12 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro "mpid" en una acción "sign" de index.php, un vector diferente a CVE-2008-3132. • https://www.exploit-db.com/exploits/7847 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0378 – Joomla! Component beamospetition 1.0.12 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0378
02 Feb 2009 — Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el archivo index.php en el componente beamospetition (com_beamospetition) 1.0.12 para Joomla! que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través ... • https://www.exploit-db.com/exploits/7847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •