Vulnerabilities > Videoscript

DATE CVE VULNERABILITY TITLE RISK
2009-05-28 CVE-2009-1804 SQL Injection vulnerability in Videoscript Youtube Video Script
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
network
low complexity
videoscript CWE-89
7.5
2008-11-25 CVE-2008-5219 Improper Authentication vulnerability in Videoscript
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
network
low complexity
videoscript CWE-287
7.5