Vulnerabilities > John GEO

DATE: 2012-08-23
CVE: CVE-2011-5110
VULNERABILITY TITLE: SQL Injection vulnerability in John GEO Blogs Manager 1.101
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/.
RISK: 7.5 (network, low complexity)
Tags: john-geo, CWE-89

DATE: 2012-08-23
CVE: CVE-2011-5109
VULNERABILITY TITLE: SQL Injection vulnerability in John GEO Freelancer Calendar 1.01
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory.
RISK: 7.5 (network, low complexity)
Tags: john-geo, CWE-89