CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6032 – WSN Links Free 4.0.34P - 'comments.php' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6032
03 Feb 2009 — SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el comments.php en WSN Links Free v4.0.34P permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id". • https://www.exploit-db.com/exploits/6529 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 1%CPEs: 90EXPL: 1CVE-2008-3555 – Wsn (Multiple Products) - Local File Inclusion / Code Execution
https://notcve.org/view.php?id=CVE-2008-3555
08 Aug 2008 — Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. Una vulnerabilidad de salto de directorio en el archivo index.php en (1) WSN Forum versión 4.1.43 y... • https://www.exploit-db.com/exploits/6208 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •