Vulnerabilities > VLD Interactive > Vldpersonals
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-11-20 | CVE-2014-9005 | SQL Injection vulnerability in VLD Interactive Vldpersonals Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php. | 7.5 |
2014-11-20 | CVE-2014-9004 | Cross-Site Scripting vulnerability in VLD Interactive Vldpersonals Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. | 4.3 |