Vulnerabilities > Netartmedia > CAR Portal > High

DATE CVE VULNERABILITY TITLE RISK
2013-01-24 CVE-2012-6509 Portal Arbitrary File Upload and HTML Injection vulnerability in Netartmedia CAR Portal 3.0
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.
network
low complexity
netartmedia
7.5
7.5
2009-02-03 CVE-2009-0395 SQL Injection vulnerability in Netartmedia CAR Portal 1.0
SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
network
low complexity
netartmedia CWE-89
7.5
7.5