DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-09-02 | CVE-2008-3887 | SQL Injection vulnerability in Dotproject 2.1.2 | Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action. | 6.0 |
2008-09-02 | CVE-2008-3886 | Cross-Site Scripting vulnerability in Dotproject 2.1.2 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action. | 4.3 |