CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4500
https://notcve.org/view.php?id=CVE-2010-4500
08 Dec 2010 — Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inyección SQL en contact.php de MRCGIGUY (MCG) FreeTicket v1.0.0, cuando magic_quotes_gpc está... • http://secunia.com/advisories/42313 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2010-4363
https://notcve.org/view.php?id=CVE-2010-4363
01 Dec 2010 — Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action. Múltiples vulnerabilidades en contact.php en MRCGIGUY (MCG) FreeTicket v1.0.0, cuando están desactivadas las magic_quotes, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) id y (2) email en una acción "Showtickets". • http://evuln.com/vulns/146/summary.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •