Alstrasoft ≫ Article Manager Pro

SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.

SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can ...

Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without ...

Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Styl...