Vulnerabilities > Openconstructor Project

DATE	CVE	VULNERABILITY TITLE	RISK
2012-12-28	CVE-2012-3873	SQL Injection vulnerability in Openconstructor Project Openconstructor 3.12.0 Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. network low complexity openconstructor-project CWE-89	6.5
2012-12-28	CVE-2012-3872	Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0 Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php. network openconstructor-project CWE-79	4.3
2012-12-28	CVE-2012-3871	Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0 Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. network openconstructor-project CWE-79	3.5
2012-12-28	CVE-2012-3870	Cross-Site Scripting vulnerability in Openconstructor Project Openconstructor 3.12.0 Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter. network openconstructor-project CWE-79	3.5

Vulnerabilities > Openconstructor Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Openconstructor Project"}]}

Vulnerabilities > Openconstructor Project