RSS   Vulnerabilities for 'Savas guestbook'   RSS

2008-04-02
 
CVE-2008-1642

CWE-22
 

 
Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
2007-03-06
 
CVE-2007-1305

CWE-Other
 

 
Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.

 
 
CVE-2007-1304

CWE-Other
 

 
Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

 

 >>> Vendor: Savas place 2 Products
Savas guestbook
Savas link manager


Copyright 2024, cxsecurity.com

 

Back to Top