Vulnerabilities > Primoris Software

DATE CVE VULNERABILITY TITLE RISK
2006-06-12 CVE-2006-2954 Input Validation vulnerability in OfficeFlow
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter.
network
low complexity
primoris-software
7.5
2006-06-12 CVE-2006-2953 Input Validation vulnerability in OfficeFlow
Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter.
4.3