High-Tech Bridge Security Research Lab discovered vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database, and gain complete control over the web site.
cafb28bb825188284ca3e1bf56f3c9f0d39b3d6156ac9a33fbbe7021a4072fe2
articleFR version 3.0.l7 suffers from an arbitrary file read vulnerability.
f5c21447e511ce77030ac064707ce1de30ed4c18d8ee7ddeeede4dc751d03f3c
ArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162
ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.
97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4f
articleFR CMS version 3.0.5 suffers from a cross site scripting vulnerability.
a7eec6dd3bb01b1d47f2da23b35af63ca219b46a7c1690081c0abac2fbb389cb
articleFR CMS version 3.0.5 suffers from a remote SQL injection vulnerability.
cf0e954b5df6aa5ec410aaab404196e221790b3b12e65427bddab5a4f981b512
articleFR CMS version 3.0.5 suffers from a remote shell upload vulnerability.
d22f88190e4b7574ddc03829fdb82d0a8e70d366f3680baa8810712c85962c4d
ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
7c5659fce0f2f013119ba1cb640fb4096e1cb15afb78f203f05a4d647b441c86
Article Friendly suffers from a local file inclusion vulnerability.
bc6d96165ee0b4314aced6aba236f9bd3f29556c15be47378166e74df0c8237e
Article Friendly suffers from a cross site request forgery vulnerability.
2289f4d4b96fe50966f5f60c77faa635832f9b6e4517c045697eb2c5f817986d
ArticleFriend Script version 2 suffers from a cross site scripting vulnerability in search_advance.php.
fc7bf25516fdf3ca53f943595f1628e2f13310fc5c351f7b965d9f1a0fe13b86
Secunia Security Advisory - MizoZ has reported a vulnerability in ArticleFriend Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
a638aee8eb58754cb8ae00d3c65e04ab3b39b922a3cbb451632a0ec2d5b5007d
Article Friendly Pro and Article Friendly Standard suffer from a SQL injection vulnerability in categorydetail.php.
f28480aef81574fe30a8d8f8bc0c80266e1bdb63b14fd2cde0dd3a3ae3da64bb