Netbizcity : Security Vulnerabilities, CVEs, CVSS score >= 2
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access.
Max CVSS
6.4
EPSS Score
0.15%
Published
2008-01-04
Updated
2018-10-15
Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts.
Max CVSS
6.8
EPSS Score
0.15%
Published
2008-01-04
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-01-04
Updated
2018-10-15
3 vulnerabilities found