G13

#11637de 53,630
23.6CVSS total
Vulnerabilidades · 4
Média
2
Alta
2
PT-2013-1968
7.5
2013-01-24
Php · Php Volunteer Management · CVE-2012-6504
**Name of the Vulnerable Software and Affected Versions** PHP Volunteer Management version 1.0.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the mods/hours/data/get hours.php file. **Recommendations** For PHP Volunteer Management version 1.0.2, avoid using the `id` parameter in the mods/hours/data/get hours.php file until a patch is available. As a temporary workaround, consider restricting access to the get hours.php file to minimize the risk of exploitation.
PT-2013-1969
4.3
2013-01-24
Php · Php Volunteer Management · CVE-2012-6505
**Name of the Vulnerable Software and Affected Versions** PHP Volunteer Management version 1.0.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in the mods/hours/data/get hours.php file. **Recommendations** For PHP Volunteer Management version 1.0.2, avoid using the `id` parameter in the mods/hours/data/get hours.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the `id` parameter to prevent malicious script injection.
PT-2013-1980
7.5
2013-01-24
Php · Php Ticket System · CVE-2012-6516
**Name of the Vulnerable Software and Affected Versions** PHP Ticket System Beta 1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `q` parameter to the "index.php" endpoint. **Recommendations** For PHP Ticket System Beta 1, consider restricting access to the `q` parameter in the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `q` parameter in the affected endpoint to minimize the risk of exploitation.
PT-2011-5173
4.3
2011-12-29
Winn · Winn Guestbook · CVE-2011-5026
**Name of the Vulnerable Software and Affected Versions** Winn GuestBook versions prior to 2.4.8d **Description** A cross-site scripting (XSS) issue exists in the addPost function, allowing remote attackers to inject arbitrary web script or HTML via the `name` parameter to "index.php". **Recommendations** For versions prior to 2.4.8d, update to version 2.4.8d or later to resolve the issue. As a temporary workaround, consider restricting access to the `addPost` function in "data/functions.php" to minimize the risk of exploitation. Avoid using the `name` parameter in the "index.php" endpoint until the issue is resolved.