Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory.
Max CVSS: 6.8 | EPSS Score: 1.28% | Published: 2008-06-10 | Updated: 2017-09-29

SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2008-06-10 | Updated: 2017-09-29

Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
Max CVSS: 4.3 | EPSS Score: 0.22% | Published: 2008-06-10 | Updated: 2017-09-29

PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
Max CVSS: 9.3 | EPSS Score: 8.50% | Published: 2007-11-22 | Updated: 2017-09-29

4 vulnerabilities found