
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Dec 2010 — Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/42313 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

01 Dec 2010 — Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters. • http://evuln.com/vulns/144/summary.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

01 Dec 2010 — Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action. • http://evuln.com/vulns/146/summary.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Aug 2009 — Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. • http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

28 Aug 2009 — SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. • https://www.exploit-db.com/exploits/32355 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

28 Jul 2009 — SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action. • https://www.exploit-db.com/exploits/8917 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 1

16 Jun 2009 — admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action. • https://www.exploit-db.com/exploits/8917 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 5% • CPEs: 1 • EXPL: 2

28 Feb 2007 — The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. • https://www.exploit-db.com/exploits/29047 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor