CVE-2008-4345 – WebPortal CMS 0.7.4 - 'download.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4345
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter. Vulnerabilidad de inyección SQL en download.php en WebPortal CMS v0.7.4 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través de una el parámetro "aid". • https://www.exploit-db.com/exploits/6443 http://secunia.com/advisories/31784 http://www.securityfocus.com/bid/31156 http://www.vupen.com/english/advisories/2008/2560 https://exchange.xforce.ibmcloud.com/vulnerabilities/45113 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-0141 – WebPortal CMS 0.6-beta - Remote Password Change
https://notcve.org/view.php?id=CVE-2008-0141
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. actions.php de WebPortal CMS 0.6-beta genera contraseñas predecibles conteniendo sólo la hora del día, lo cual facilita a atacantes remotos obtener acceso a cualquier cuenta mediante una acción lostpass. • https://www.exploit-db.com/exploits/4835 http://www.securityfocus.com/bid/27145 https://exchange.xforce.ibmcloud.com/vulnerabilities/39486 • CWE-330: Use of Insufficiently Random Values •
CVE-2007-6664 – WebPortal CMS 0.6.0 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6664
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. Vulnerabilidad de inyección SQL en index.php de WebPortal CMS 0.6.0 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro m. • https://www.exploit-db.com/exploits/4826 http://osvdb.org/39887 http://www.securityfocus.com/bid/27088 https://exchange.xforce.ibmcloud.com/vulnerabilities/39336 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •