Vulnerabilities > Badongo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-28 | CVE-2008-2493 | Cross-Site Scripting vulnerability in Badongo Campus Bulletin Board 3.4 Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus Bulletin Board 3.4 allows remote attackers to inject arbitrary web script or HTML via the review parameter. | 4.3 |
2008-05-28 | CVE-2008-2492 | SQL Injection vulnerability in Badongo Campus Bulletin Board 3.4 Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp. | 7.5 |
2008-05-28 | CVE-2008-2479 | SQL Injection vulnerability in Badongo PHPfix 2.0 Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php. | 6.8 |