CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5934
https://notcve.org/view.php?id=CVE-2007-5934
13 Nov 2007 — The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. La funcionalidad LOB en PEAR MDB2 anterior a 2.5.0a1 interpreta una respuesta para almacenar una cadena que contiene una URL, lo cual podrí... • http://bugs.gentoo.org/show_bug.cgi?id=198446 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3628
https://notcve.org/view.php?id=CVE-2007-3628
09 Jul 2007 — Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." Vulnerabilidad no especificada en la función fetch en MDB2.php en PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 y anteriores permite a atacantes remotos "manipular la ordenación generada de preguntas". • http://osvdb.org/45805 •