CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2203
https://notcve.org/view.php?id=CVE-2008-2203
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. Vulnerabilidad de inyección SQL en search.php de Maian Search 1.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro keywords en una acción search. • http://securityreason.com/securityalert/3883 http://www.securityfocus.com/archive/1/491586/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42196 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2204
https://notcve.org/view.php?id=CVE-2008-2204
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/inc/header.php de Maian Search 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante los parámetros 1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8 y (9) header9. • http://securityreason.com/securityalert/3883 http://www.securityfocus.com/archive/1/491586/100/0/threaded http://www.securityfocus.com/bid/29032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •