Vulnerabilities > Widget Press
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-05 | CVE-2005-4020 | SQL-Injection vulnerability in Widget Imprint SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | 7.5 |
2005-12-05 | CVE-2005-4017 | property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | 5.0 |
2005-12-05 | CVE-2005-4016 | SQL Injection vulnerability in Widget Press Widget Property 1.1.19 SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | 7.5 |