RSS   Podatności dla 'Phplive'   RSS

2008-02-19
 
CVE-2008-0821

CWE-89
 

 
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.

 
2007-06-05
 
CVE-2007-3060

CWE-Other
 

 
Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

 

 >>> Vendor: Osi codes inc. 2 Produkty
Intragnat
Phplive


Copyright 2024, cxsecurity.com

 

Back to Top