CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-7120 – Hot Links SQL-PHP - 'news.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-7120
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. Una vulnerabilidad de inyección SQL en Mr. CGI Guy Hot Links SQL-PHP v3 y anteriores permite a atacantes remotos ejecutar comandos SQL a través del parámetro news.php. • https://www.exploit-db.com/exploits/32355 http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt http://www.securityfocus.com/bid/31118 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-7121
https://notcve.org/view.php?id=CVE-2008-7121
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mr. CGI Guy Hot Links SQL-PHP v3 y anteriores permite a atacantes remotos inyectar HTML o scripts web a través de la barra de búsqueda. • http://www.packetstormsecurity.org/0809-exploits/hotlinks-sql.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •