RSS   Vulnerabilities for 'Webtitan'   RSS

2014-06-18
 
CVE-2014-4307

CWE-89
 

 
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.

 
 
CVE-2014-4306

CWE-22
 

 
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.

 


Copyright 2024, cxsecurity.com

 

Back to Top