RSS   Vulnerabilities for 'Siteengine'   RSS

2010-12-01
 
CVE-2010-4357

CWE-89
 

 
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.

 
 
CVE-2008-7269

CWE-20
 

 
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.

 
 
CVE-2008-7268

CWE-200
 

 
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.

 
 
CVE-2008-7267

CWE-89
 

 
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top