Vulnerabilities > BJ Sintay

DATE	CVE	VULNERABILITY TITLE	RISK
2007-03-03	CVE-2007-1237	Information Exposure vulnerability in BJ Sintay Sitex 0.7.3 sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. network low complexity bj-sintay CWE-200	5.0
2007-03-03	CVE-2007-1235	Improper Input Validation vulnerability in BJ Sintay Sitex 0.7.3 Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file. network low complexity bj-sintay CWE-20	7.5
2007-03-03	CVE-2007-1234	Cross-Site Scripting vulnerability in BJ Sintay Sitex 0.7.3 Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php. network bj-sintay CWE-79	4.3

Vulnerabilities > BJ Sintay {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"BJ Sintay"}]}