Vulnerabilities > I Escorts
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-05-11 | CVE-2009-4865 | SQL Injection vulnerability in I-Escorts products Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. | 6.8 |
2010-05-11 | CVE-2009-4864 | Cross-Site Scripting vulnerability in I-Escorts products Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. | 4.3 |
2010-01-06 | CVE-2009-4574 | SQL Injection vulnerability in I-Escorts Directory Script SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | 7.5 |