Quirm Saxon : Security vulnerabilities, CVEs

Copy

CVE-2007-4863

SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.

Max CVSS

6.8

EPSS Score

0.15%

Published

2007-10-30

Updated

2018-10-15

CVE-2007-4862

Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.

Max CVSS

4.3

EPSS Score

0.80%

Published

2007-10-30

Updated

2018-10-15

CVE-2007-4861

SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

Max CVSS

5.0

EPSS Score

0.80%

Published

2007-10-30

Updated

2018-10-15

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!