CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0451 – PacerCMS 0.6 - 'id' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-0451
24 Jan 2008 — Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/. Múltiples vulnerabilidades de inyección SQL en PacerCMS 0.6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante el parámetro id a (1) siteadmin/a... • https://www.exploit-db.com/exploits/31048 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0426
https://notcve.org/view.php?id=CVE-2008-0426
23 Jan 2008 — Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo submit.php en PacerCMS versiones anteriores a 0.6.1, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del campo (1) name, (2) headline o (3) text en un mensaje . • http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •