
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

28 Aug 2009 — Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. • http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

28 Aug 2009 — SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. • https://www.exploit-db.com/exploits/32355 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 5% | CPEs: 1 | EXPL: 2

28 Feb 2007 — The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. • https://www.exploit-db.com/exploits/29047 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor