3 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en guestbook.php de Advanced Guestbook 2.4 para phpBB permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro entry. NOTA: esta vulnerabilidad podría ser resultado de una inyección SQL. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html http://secunia.com/advisories/19905 http://securityreason.com/securityalert/2323 http://www.majorsecurity.de/advisory/major_rls25.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/27907 •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter. Vulnerabilidad de inyección SQL en guestbook.php en Advanced Guestbook 2.4 para phpBB permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro entry. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html http://secunia.com/advisories/19905 http://securityreason.com/securityalert/2323 http://www.majorsecurity.de/advisory/major_rls25.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/27908 •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 2

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1723 http://secunia.com/advisories/19905 http://www.securityfocus.com/bid/17745 http://www.vupen.com/english/advisories/2006/1600 https://exchange.xforce.ibmcloud.com/vulnerabilities/26217 https://www.exploit-db.com/exploits/1725 •