RSS   Vulnerabilities for 'Dbninja'   RSS

2019-02-11
 
CVE-2019-7748

CWE-79
 

 
_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists.

 
 
CVE-2019-7747

CWE-384
 

 
DbNinja 3.2.7 allows session fixation via the data.php sessid parameter.

 
2019-02-06
 
CVE-2019-7545

CWE-79
 

 
In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has a Stored Cross-site Scripting (XSS) vulnerability in the User Name field.

 


Copyright 2019, cxsecurity.com

 

Back to Top