Trew

Researcher fromICEnetX Team
#13917of 53,622
19.3Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2008-1900
7.5
2008-01-15
Matteo Binda · Matteo Binda Asp Photo Gallery · CVE-2008-0256
**Name of the Vulnerable Software and Affected Versions** Matteo Binda ASP Photo Gallery version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to API endpoints such as "Imgbig.asp", "thumb.asp", and "thumbricerca.asp", as well as the `ricerca` parameter to the "thumbricerca.asp" endpoint. **Recommendations** For Matteo Binda ASP Photo Gallery version 1.0, consider restricting access to the `id` and `ricerca` parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `id` parameter in "Imgbig.asp", "thumb.asp", and "thumbricerca.asp", and the `ricerca` parameter in "thumbricerca.asp" to minimize the risk of exploitation.
PT-2007-5897
4.3
2007-09-06
Akobook · Akobook · CVE-2007-4745
Name of the Vulnerable Software and Affected Versions: AkoBook versions 3.42 and earlier Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via Javascript events in the `gbmail` and `gbpage` parameters in the sign function. Recommendations: For AkoBook versions 3.42 and earlier, update to a version later than 3.42 to resolve the issue. As a temporary workaround, consider restricting access to the sign function to minimize the risk of exploitation. Avoid using the `gbmail` and `gbpage` parameters in the sign function until the issue is resolved.
PT-2007-1859
7.5
2007-01-19
Woltlab · Woltlab Burning Board · CVE-2007-0388
Name of the Vulnerable Software and Affected Versions: Woltlab Burning Board (wBB) versions 1.0.2 and earlier Woltlab Burning Board (wBB) versions 2.3.6 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `boardids[1]` and other `boardids[]` parameters in the "search.php" file. Recommendations: For versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue. For versions 2.3.6 and earlier in the 2.x series, update to a version later than 2.3.6 to resolve the issue. As a temporary workaround, consider restricting access to the `search.php` file or limiting the use of the `boardids[]` parameters until a patch is available.