CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2015-6944 – JSPMySQL Administrador - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-6944
06 Sep 2015 — Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. Vulnerabilidad CSRF en JSP/MySQL Administrador Web 1, permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que ejecutan comandos SQL arbitrarios a través del parámetro cmd en sys/sys/listaBD2.jsp. JSPMySQL Administrador version 1 suffers from... • https://packetstorm.news/files/id/133466 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 3CVE-2015-6945 – JSPMySQL Administrador - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-6945
06 Sep 2015 — Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp. Vulnerabilidad de XSS en JSP/MySQL Administrador Web 1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro bd en sys/sys/listaBD2.jsp. JSPMySQL Administrador version 1 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://packetstorm.news/files/id/133466 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •