CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7121
https://notcve.org/view.php?id=CVE-2008-7121
28 Aug 2009 — Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mr. CGI Guy Hot Links SQL-PHP v3 y anteriores permite a atacantes remotos inyectar HTML o scripts web a través de la barra de búsqueda. • http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2008-7120 – Hot Links SQL-PHP - 'news.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-7120
28 Aug 2009 — SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. Una vulnerabilidad de inyección SQL en Mr. CGI Guy Hot Links SQL-PHP v3 y anteriores permite a atacantes remotos ejecutar comandos SQL a través del parámetro news.php. • https://www.exploit-db.com/exploits/32355 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2006-7086 – Hot Links - Perl PHP Information Disclosure
https://notcve.org/view.php?id=CVE-2006-7086
28 Feb 2007 — The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. Los archivos (1) dlback.php y (2) dlback.cgi de Hot Links permite a atacantes remotos obtener información sensible y descargar la base de datos mediante una petición directa con un parámetro dl modificado. • https://www.exploit-db.com/exploits/29047 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •