RSS   Vulnerabilities for 'Web hosting directory'   RSS

2009-08-12
 
CVE-2008-6941

 

 
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.

 
 
CVE-2008-6940

 

 
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.

 
 
CVE-2008-6939

 

 
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.

 

 >>> Vendor: Turnkeyforms 6 Products
Text link sales
Local classifieds
Business survey pro
Entertainment portal
Web hosting directory
Yahoo-answers-clone


Copyright 2019, cxsecurity.com

 

Back to Top