RSS   Vulnerabilities for 'Minitwitter'   RSS

2009-07-22
 
CVE-2009-2574

CWE-264
 

 
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action.

 
 
CVE-2009-2573

CWE-89
 

 
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top