Vulnerabilities > Dian Gemilang
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-04 | CVE-2007-2994 | SQL Injection vulnerability in Dian Gemilang Dgnews 2.1 SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. | 7.5 |
2007-05-30 | CVE-2007-0694 | Cross-Site Scripting vulnerability in Dian Gemilang Dgnews 2.1 Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. network dian-gemilang | 4.3 |
2007-05-30 | CVE-2007-0693 | SQL Injection vulnerability in Dgnews 1.5.1/2.1 SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. network dian-gemilang | 6.8 |
2006-05-24 | CVE-2006-2573 | SQL-Injection vulnerability in Dian Gemilang Dgbook 1.0 SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. | 5.1 |
2006-05-24 | CVE-2006-2572 | HTML Injection vulnerability in Dian Gemilang Dgbook 1.0 Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters. | 2.6 |