
CVE-2009-2790 – Softbiz Dating Script 1.0 - 'cat_products.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-2790
17 Aug 2009 — SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4. • https://www.exploit-db.com/exploits/33132 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-3511 – Softbiz Image Gallery - 'adminhome.php?msg' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-3511
07 Aug 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/ms... • https://www.exploit-db.com/exploits/32174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-2087 – Softbiz Web Host Directory Script - 'host_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2087
06 May 2008 — SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. • https://www.exploit-db.com/exploits/5517 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-1050 – Softbiz Jokes and Funny Pictures Script - 'sbcat_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1050
27 Feb 2008 — SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. • https://www.exploit-db.com/exploits/31294 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2007-6124 – Softbiz Freelancers Script 1 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-6124
26 Nov 2007 — Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. • https://www.exploit-db.com/exploits/4660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-6125 – Softbiz Freelancers Script 1 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-6125
26 Nov 2007 — SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. • https://www.exploit-db.com/exploits/4660 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2007-5449 – Softbiz Recipes Portal Script - SQL Injection
https://notcve.org/view.php?id=CVE-2007-5449
14 Oct 2007 — SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. • https://www.exploit-db.com/exploits/4527 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2006-3607 – SoftBiz Banner Exchange Script 1.0 - 'gen_confirm_mem.php?PHPSESSID' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3607
14 Jul 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php. • https://www.exploit-db.com/exploits/28139

CVE-2006-3271 – SoftBizScripts Dating Script - SQL Injection
https://notcve.org/view.php?id=CVE-2006-3271
28 Jun 2006 — Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. • https://www.exploit-db.com/exploits/12438

CVE-2006-1659 – SoftBiz Image Gallery - 'images.php?cid' SQL Injection
https://notcve.org/view.php?id=CVE-2006-1659
07 Apr 2006 — Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php. • https://www.exploit-db.com/exploits/27546