RSS   Podatności dla 'Phpenpals'   RSS

2009-05-29
 
CVE-2009-1814

CWE-89
 

 
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.

 
2006-01-03
 
CVE-2006-0074

CWE-89
 

 
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.

 


Copyright 2024, cxsecurity.com

 

Back to Top