High-Tech Bridge Security Research Lab discovered vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database, and gain complete control over the web site.
cafb28bb825188284ca3e1bf56f3c9f0d39b3d6156ac9a33fbbe7021a4072fe2articleFR version 3.0.l7 suffers from an arbitrary file read vulnerability.
f5c21447e511ce77030ac064707ce1de30ed4c18d8ee7ddeeede4dc751d03f3cArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.
97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4farticleFR CMS version 3.0.5 suffers from a cross site scripting vulnerability.
a7eec6dd3bb01b1d47f2da23b35af63ca219b46a7c1690081c0abac2fbb389cbarticleFR CMS version 3.0.5 suffers from a remote SQL injection vulnerability.
cf0e954b5df6aa5ec410aaab404196e221790b3b12e65427bddab5a4f981b512articleFR CMS version 3.0.5 suffers from a remote shell upload vulnerability.
d22f88190e4b7574ddc03829fdb82d0a8e70d366f3680baa8810712c85962c4dArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
7c5659fce0f2f013119ba1cb640fb4096e1cb15afb78f203f05a4d647b441c86Article Friendly suffers from a local file inclusion vulnerability.
bc6d96165ee0b4314aced6aba236f9bd3f29556c15be47378166e74df0c8237eArticle Friendly suffers from a cross site request forgery vulnerability.
2289f4d4b96fe50966f5f60c77faa635832f9b6e4517c045697eb2c5f817986dArticleFriend Script version 2 suffers from a cross site scripting vulnerability in search_advance.php.
fc7bf25516fdf3ca53f943595f1628e2f13310fc5c351f7b965d9f1a0fe13b86Secunia Security Advisory - MizoZ has reported a vulnerability in ArticleFriend Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
a638aee8eb58754cb8ae00d3c65e04ab3b39b922a3cbb451632a0ec2d5b5007dArticle Friendly Pro and Article Friendly Standard suffer from a SQL injection vulnerability in categorydetail.php.
f28480aef81574fe30a8d8f8bc0c80266e1bdb63b14fd2cde0dd3a3ae3da64bb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed