Vulnerabilities > Samedia

DATE CVE VULNERABILITY TITLE RISK
2012-11-17 CVE-2012-5900 SQL Injection vulnerability in Samedia Landshop 0.9.2
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
network
low complexity
samedia CWE-89
7.5
7.5
2012-11-17 CVE-2012-5899 Cross-Site Scripting vulnerability in Samedia Landshop 0.9.2
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action.
network
samedia CWE-79
4.3
4.3
2012-11-17 CVE-2012-5898 Cross-Site Request Forgery (CSRF) vulnerability in Samedia Landshop 0.9.2
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
network
samedia CWE-352
6.8
6.8
2006-11-15 CVE-2006-5915 Input Validation vulnerability in Samedia LandShop LS.PHP
Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter.
network
samedia
6.8
6.8
2006-11-15 CVE-2006-5914 Input Validation vulnerability in Samedia LandShop LS.PHP
SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter.
network
low complexity
samedia
7.5
7.5