Bananadance Banana Dance : Security vulnerabilities, CVEs published in 2014

Copy

CVE-2012-5244

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.

Max CVSS

7.5

EPSS Score

0.91%

Published

2014-10-20

Updated

2017-08-29

CVE-2012-5243

functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

Max CVSS

5.0

EPSS Score

0.53%

Published

2014-10-21

Updated

2014-10-24

CVE-2012-5242

Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

Max CVSS

6.8

EPSS Score

0.63%

Published

2014-10-21

Updated

2014-10-24

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!