CVE-2008-0254
- EPSS 0.49%
- Veröffentlicht 15.01.2008 20:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
CVE-2007-2822
- EPSS 14.01%
- Veröffentlicht 22.05.2007 21:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.p...
CVE-2007-2599
- EPSS 2.29%
- Veröffentlicht 11.05.2007 10:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter...
CVE-2007-2600
- EPSS 9.2%
- Veröffentlicht 11.05.2007 10:19:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; th...