Softbiz » Web Hosting Directory Script : Security Vulnerabilities, CVEs,
SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.
Max CVSS
6.8
EPSS Score
0.26%
Published
2008-05-06
Updated
2018-10-11
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
Max CVSS
7.5
EPSS Score
0.65%
Published
2005-11-26
Updated
2017-07-11
2 vulnerabilities found