Vulnerabilities > Pilotgroup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-29 | CVE-2017-15969 | SQL Injection vulnerability in Pilotgroup Allsharevideo 1.0 PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. | 7.5 |
| 2010-06-21 | CVE-2010-2356 | Cross-Site Scripting vulnerability in Pilotgroup Elms PRO Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter. | 4.3 |
| 2010-06-21 | CVE-2010-2355 | Cross-Site Scripting vulnerability in Pilotgroup Elms PRO Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
| 2010-06-21 | CVE-2010-2354 | SQL Injection vulnerability in Pilotgroup Elms PRO SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter. | 7.5 |
| 2009-10-01 | CVE-2009-3513 | Cross-Site Scripting vulnerability in Pilotgroup PG Etraining Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php. | 4.3 |
| 2009-02-11 | CVE-2008-6117 | SQL Injection vulnerability in Pilotgroup PG JOB Site PRO SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action. | 7.5 |