RSS   Vulnerabilities for 'Magic forum personal'   RSS

2005-12-07
 
CVE-2005-4072

 

 
Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field.

 
 
CVE-2005-4071

 

 
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.

 

 >>> Vendor: Cfmagic 4 Products
Magic forum personal
Magic list pro
Magic book personal
Magic book professional


Copyright 2024, cxsecurity.com

 

Back to Top