Sora

#10319of 53,622
26.8Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2011-1952
7.5
2011-11-02
Unknown · Elite Gaming Ladders · CVE-2010-5017
**Name of the Vulnerable Software and Affected Versions** Elite Gaming Ladders version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `account` parameter in the stats.php file. **Recommendations** For Elite Gaming Ladders version 3.0, consider restricting access to the stats.php file until a patch is available. As a temporary workaround, avoid using the `account` parameter in the stats.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2010-2793
4.3
2010-03-23
Sniggabo · Sniggabo Cms · CVE-2010-1072
**Name of the Vulnerable Software and Affected Versions** Sniggabo CMS version 2.21 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `q` parameter in the "search.php" endpoint. **Recommendations** For Sniggabo CMS version 2.21, avoid using the `q` parameter in the search.php endpoint until a fix is available. As a temporary workaround, consider restricting access to the search functionality to minimize the risk of exploitation.
PT-2010-2703
7.5
2010-03-16
Valve · Left 4 Dead (L4D) Stats · CVE-2010-0980
**Name of the Vulnerable Software and Affected Versions** Left 4 Dead (L4D) Stats version 1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `steamid` parameter in the player.php file. **Recommendations** For version 1.1, avoid using the `steamid` parameter in the player.php file until the issue is resolved. As a temporary workaround, consider restricting access to the player.php file to minimize the risk of exploitation.
PT-2009-6568
7.5
2009-12-29
Jax · Jax Guestbook · CVE-2009-4447
**Name of the Vulnerable Software and Affected Versions** Jax Guestbook version 3.5.0 **Description** The issue allows remote attackers to bypass authentication and modify administrator settings by making a direct request to the "admin/guestbook.admin.php" endpoint. **Recommendations** For Jax Guestbook version 3.5.0, consider restricting access to the "admin/guestbook.admin.php" endpoint until a patch is available.