RSS   Vulnerabilities for 'Annoncescripthp'   RSS

2006-12-11
 
CVE-2006-6480

CWE-Other
 
 
admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remote attackers to obtain sensitive information via the idmembre parameter, which discloses the passwords for arbitrary users.

 
 
CVE-2006-6479

CWE-Other
 
 
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.

 
 
CVE-2006-6478

CWE-Other
 
 
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.

 

 >>> Vendor: Scriptphp 4 Products
Annoncescripthp
Pronews
Messageriescripthp
Picengine

Copyright 2024, cxsecurity.com

 

Back to Top