Vulnerabilities > Comersus Open Technologies > Comersus Backoffice Lite > High

DATE	CVE	VULNERABILITY TITLE	RISK
2005-05-02	CVE-2005-0302	SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. network low complexity comersus-open-technologies	7.5
2005-05-02	CVE-2005-0301	Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1 comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. network low complexity comersus-open-technologies	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.