Vulnerabilities > Dsportal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-15 | CVE-2006-1238 | SQL Injection vulnerability in Dsportal Dslogin 1.0 SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php. | 5.1 |
| 2006-03-15 | CVE-2006-1237 | SQL Injection vulnerability in Dsportal Dsnewsletter 1.0 Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php. | 7.5 |
| 2006-03-14 | CVE-2006-1234 | SQL Injection vulnerability in Dsportal Dscounter 1.2 SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | 5.1 |
| 2006-03-14 | CVE-2006-1232 | SQL-Injection vulnerability in Dsportal Dsdownload 1.0 Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | 7.5 |
| 2006-03-14 | CVE-2006-1217 | SQL Injection vulnerability in Dsportal Dspoll 1.1 SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. | 7.5 |