Alnjm33

#10035de 53,635
27.5CVSS total
Vulnerabilidades · 4
Média
1
Alta
3
PT-2010-2787
5.0
2010-03-23
Ar · Ar Web Content Manager · CVE-2010-1066
**Name of the Vulnerable Software and Affected Versions** AR Web Content Manager (AWCM) version 2.1 **Description** The issue allows remote attackers to download a database due to insufficient access control of sensitive information stored under the web root. This can be achieved by making a direct request for the `control/db backup.php` endpoint. **Recommendations** For AR Web Content Manager (AWCM) version 2.1, restrict access to the `control/db backup.php` endpoint to minimize the risk of exploitation. Consider implementing proper access controls for sensitive information stored under the web root.
PT-2010-2791
7.5
2010-03-23
Imagoscripts · Imagoscripts Deviant Art Clone · CVE-2010-1070
**Name of the Vulnerable Software and Affected Versions** ImagoScripts Deviant Art Clone (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `seid` parameter in a "forums viewcat" action in the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2010-2768
7.5
2010-03-22
Masa2El · Masa2El Music City · CVE-2010-1047
**Name of the Vulnerable Software and Affected Versions** MASA2EL Music City versions 1.0 through 1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "singer" action, specifically targeting the index.php file. **Recommendations** For versions 1.0 and 1.1, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the singer action to minimize the risk of exploitation.
PT-2010-2221
7.5
2010-01-28
Unknown · Magic-Portal · CVE-2010-0457
**Name of the Vulnerable Software and Affected Versions** magic-portal version 2.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "home.php" file. **Recommendations** For magic-portal version 2.1, consider restricting access to the `id` parameter in the home.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.