Vulnerabilities > VLD Interactive > Vldpersonals

DATE CVE VULNERABILITY TITLE RISK
2014-11-20 CVE-2014-9005 SQL Injection vulnerability in VLD Interactive Vldpersonals
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php.
network
low complexity
vld-interactive CWE-89
7.5
7.5
2014-11-20 CVE-2014-9004 Cross-Site Scripting vulnerability in VLD Interactive Vldpersonals
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. 		4.3
4.3