Vulnerabilities for Article manager pro (...) - CXSECURITY.COM

Vulnerabilities for 'Article manager pro'

2008-12-17

CVE-2008-5649

CWE-89

SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.

2007-07-30

CVE-2007-4082

Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.

2006-05-24

CVE-2006-2567

CWE-Other

Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.

CVE-2006-2566

CWE-Other

Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages.

CVE-2006-2565

CWE-Other

SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.

>>> Vendor: Alstrasoft 15 Products

Affiliate network pro

Template seller

Article manager pro

Webhost directory

Video share enterprise

Text ads enterprise

Sms text messaging enterprise

Forum pay per post exchange

Web email script enterprise

Copyright 2024, cxsecurity.com