RSS   Podatności dla 'Basic-php-events-lister'   RSS

2009-09-11
 
CVE-2009-3168

 
 
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.

 
2009-03-13
 
CVE-2008-6464

CWE-89
 
 
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top