Vulnerabilities > John GEO
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-23 | CVE-2011-5110 | SQL Injection vulnerability in John GEO Blogs Manager 1.101 Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/. | 7.5 |
2012-08-23 | CVE-2011-5109 | SQL Injection vulnerability in John GEO Freelancer Calendar 1.01 Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory. | 7.5 |