- EPSS 0.43%
- Veröffentlicht 06.02.2008 12:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.
CVE-2008-0616
- EPSS 0.73%
- Veröffentlicht 06.02.2008 12:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue cro...
CVE-2008-0617
- EPSS 0.45%
- Veröffentlicht 06.02.2008 12:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in th...
CVE-2008-0618
- EPSS 0.4%
- Veröffentlicht 06.02.2008 12:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspeci...