Greg Donald

Destiney Links Script

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2006-2585

  • EPSS 0.32%
  • Veröffentlicht 25.05.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informat...

5

CVE-2006-2534

  • EPSS 0.38%
  • Veröffentlicht 22.05.2006 23:10:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories.

5

CVE-2006-2535

  • EPSS 1.75%
  • Veröffentlicht 22.05.2006 23:10:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultan...

5.8

CVE-2006-2536

  • EPSS 0.53%
  • Veröffentlicht 22.05.2006 23:10:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields.