CVE-2008-0451 – PacerCMS 0.6 - 'id' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-0451
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/. Múltiples vulnerabilidades de inyección SQL en PacerCMS 0.6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante el parámetro id a (1) siteadmin/article-edit.php; y parámetros no especificados a (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, y (6) staff-access.php en siteadmin/. • https://www.exploit-db.com/exploits/31048 http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue http://securityreason.com/securityalert/3574 http://www.securityfocus.com/archive/1/486796/100/0/threaded http://www.securityfocus.com/bid/27397 https://exchange.xforce.ibmcloud.com/vulnerabilities/39833 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-0426
https://notcve.org/view.php?id=CVE-2008-0426
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo submit.php en PacerCMS versiones anteriores a 0.6.1, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del campo (1) name, (2) headline o (3) text en un mensaje . • http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue http://secunia.com/advisories/28605 http://www.securityfocus.com/archive/1/486796/100/0/threaded http://www.securityfocus.com/bid/27386 https://exchange.xforce.ibmcloud.com/vulnerabilities/39832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •