RSS   Vulnerabilities for 'Mcshoutbox'   RSS

2009-10-16
 
CVE-2009-3716

 

 
Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/.

 
 
CVE-2009-3715

 

 
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

 
 
CVE-2009-3714

 

 
Cross-site scripting (XSS) vulnerability in admin_login.php in MCshoutbox 1.1 allows remote attackers to inject arbitrary web script or HTML via the loginerror parameter.

 

 >>> Vendor: Maniacomputer 2 Products
Mcshoutbox
New5starrating


Copyright 2024, cxsecurity.com

 

Back to Top