3 results (0.005 seconds)

CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 2

admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria. • https://www.exploit-db.com/exploits/6066 http://secunia.com/advisories/31075 http://securityreason.com/securityalert/4042 http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30211 https://exchange.xforce.ibmcloud.com/vulnerabilities/43753 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/inc/header.php de Maian Search 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante los parámetros 1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8 y (9) header9. • http://securityreason.com/securityalert/3883 http://www.securityfocus.com/archive/1/491586/100/0/threaded http://www.securityfocus.com/bid/29032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. Vulnerabilidad de inyección SQL en search.php de Maian Search 1.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro keywords en una acción search. • http://securityreason.com/securityalert/3883 http://www.securityfocus.com/archive/1/491586/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42196 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •