Bogdan Calin

#11311de 53,635
24.3CVSS total
Vulnerabilidades · 4
Média
2
Alta
2
PT-2011-1838
7.5
2011-10-08
Cubecart · Cubecart · CVE-2010-4903
**Name of the Vulnerable Software and Affected Versions** CubeCart version 4.3.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `searchStr` parameter in the "index.php" file. **Recommendations** For CubeCart version 4.3.3, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `searchStr` parameter in the "index.php" file to minimize the risk of exploitation.
PT-2011-1841
7.5
2011-10-08
Zenphoto · Zenphoto · CVE-2010-4906
**Name of the Vulnerable Software and Affected Versions** Zenphoto versions 1.3 through 1.3.1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `a` parameter in the full-image.php file within the zp-core component. **Recommendations** For Zenphoto versions 1.3 through 1.3.1.2, consider restricting access to the full-image.php file until a patch is available. As a temporary workaround, avoid using the `a` parameter in the affected API endpoint until the issue is resolved.
PT-2011-1842
4.3
2011-10-08
Zenphoto · Zenphoto · CVE-2010-4907
**Name of the Vulnerable Software and Affected Versions** Zenphoto version 1.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `user` parameter in the admin.php file. **Recommendations** For Zenphoto version 1.3, consider restricting access to the admin.php file until a patch is available, and avoid using the `user` parameter in sensitive operations to minimize the risk of exploitation.
PT-2009-6201
5.0
2009-11-23
Php · Php · CVE-2009-4017
**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.12 PHP versions 5.3.x prior to 5.3.1 **Description** The issue allows remote attackers to cause a denial of service due to resource exhaustion by creating multiple temporary files when handling a multipart/form-data POST request. This also makes it easier for remote attackers to exploit local file inclusion vulnerabilities via multiple requests, related to the lack of support for the `max file uploads` directive. **Recommendations** For PHP versions prior to 5.2.12, update to version 5.2.12 or later. For PHP versions 5.3.x prior to 5.3.1, update to version 5.3.1 or later.