Vulnerabilites related to pacercms - pacercms
Vulnerability from fkie_nvd
Published
2008-01-23 22:00
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message.
References
cve@mitre.orghttp://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/
cve@mitre.orghttp://secunia.com/advisories/28605Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/486796/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/27386Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/39832
af854a3a-2127-422b-91ae-364da2661108http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28605Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/486796/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27386Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/39832
Impacted products
Vendor Product Version
pacercms pacercms *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pacercms:pacercms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F2A4EA3-1C4A-46D9-833E-C10636E9773B",
              "versionEndIncluding": "0.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo submit.php en PacerCMS versiones anteriores a 0.6.1, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del campo (1) name, (2) headline o (3) text en un mensaje ."
    }
  ],
  "id": "CVE-2008-0426",
  "lastModified": "2024-11-21T00:42:04.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-23T22:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28605"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27386"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39832"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-09-24 22:17
Modified
2024-11-21 00:37
Severity ?
Summary
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
References
cve@mitre.orghttp://osvdb.org/40596
cve@mitre.orghttp://osvdb.org/41422
cve@mitre.orghttp://osvdb.org/41426
cve@mitre.orghttp://osvdb.org/41427
cve@mitre.orghttp://osvdb.org/41428
cve@mitre.orghttp://secunia.com/advisories/26928Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28859Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28873Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28874Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28886Vendor Advisory
cve@mitre.orghttp://www.attrition.org/pipermail/vim/2007-September/001800.htmlExploit
cve@mitre.orghttp://www.securityfocus.com/bid/25768
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3261
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/36733
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/40389
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/40393
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/40395
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/40396
cve@mitre.orghttps://www.exploit-db.com/exploits/4442
cve@mitre.orghttps://www.exploit-db.com/exploits/5090
cve@mitre.orghttps://www.exploit-db.com/exploits/5091
cve@mitre.orghttps://www.exploit-db.com/exploits/5097
cve@mitre.orghttps://www.exploit-db.com/exploits/5098
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/40596
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/41422
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/41426
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/41427
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/41428
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26928Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28859Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28873Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28874Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28886Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.attrition.org/pipermail/vim/2007-September/001800.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25768
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3261
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36733
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40389
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40393
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40395
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40396
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4442
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/5090
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/5091
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/5097
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/5098
Impacted products
Vendor Product Version
adodb_lite adodb_lite *
cmsmadesimple cms_made_simple *
journalness journalness *
open-realty open-realty *
pacercms pacercms *
sapid sapid_cmf *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adodb_lite:adodb_lite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7145D0-2043-42D2-B2C5-56271595534F",
              "versionEndIncluding": "1.42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B439441E-3421-44BA-BBD0-4D23C582AD00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:journalness:journalness:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F8DC33-618D-480D-A42B-3E86E612A862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:open-realty:open-realty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9B4A04-AFD2-4841-A4CB-CF89C4332884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pacercms:pacercms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4001203-43C4-4EC4-8CEA-B716847B85DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sapid:sapid_cmf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2658BB12-6F19-460B-9BD8-93ECC775E506",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n Eval en el archivo adodb-perf-module.inc.php en ADOdb Lite versiones 1.42 y anteriores, como es usado en productos como CMS Made Simple, SAPID CMF, Journalness, PacerCMS y Open-Realty, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de secuencias PHP en el par\u00e1metro last_module."
    }
  ],
  "id": "CVE-2007-5056",
  "lastModified": "2024-11-21T00:37:02.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-24T22:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/40596"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41422"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41426"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41427"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41428"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26928"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28859"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28873"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28874"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28886"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25768"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3261"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4442"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5090"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5091"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5097"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/5098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/40596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/5098"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-01-25 00:00
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
References
cve@mitre.orghttp://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/Patch
cve@mitre.orghttp://securityreason.com/securityalert/3574
cve@mitre.orghttp://www.securityfocus.com/archive/1/486796/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/27397Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/39833
af854a3a-2127-422b-91ae-364da2661108http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/Patch
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3574
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/486796/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27397Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/39833
Impacted products
Vendor Product Version
pacercms pacercms 0.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pacercms:pacercms:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F994223-6A8F-4633-9821-938EEB36F45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PacerCMS 0.6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro id a (1) siteadmin/article-edit.php; y par\u00e1metros no especificados a (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, y (6) staff-access.php en siteadmin/."
    }
  ],
  "id": "CVE-2008-0451",
  "lastModified": "2024-11-21T00:42:07.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-25T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3574"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27397"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39833"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2007-5056
Vulnerability from cvelistv5
Published
2007-09-24 22:00
Modified
2024-08-07 15:17
Severity ?
Summary
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/40395vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/25768vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/40396vdb-entry, x_refsource_XF
http://osvdb.org/40596vdb-entry, x_refsource_OSVDB
https://www.exploit-db.com/exploits/5098exploit, x_refsource_EXPLOIT-DB
https://exchange.xforce.ibmcloud.com/vulnerabilities/40389vdb-entry, x_refsource_XF
http://secunia.com/advisories/28886third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3261vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26928third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/41422vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/40393vdb-entry, x_refsource_XF
http://osvdb.org/41426vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/28874third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/36733vdb-entry, x_refsource_XF
https://www.exploit-db.com/exploits/5090exploit, x_refsource_EXPLOIT-DB
http://osvdb.org/41428vdb-entry, x_refsource_OSVDB
https://www.exploit-db.com/exploits/5097exploit, x_refsource_EXPLOIT-DB
http://www.attrition.org/pipermail/vim/2007-September/001800.htmlmailing-list, x_refsource_VIM
http://secunia.com/advisories/28873third-party-advisory, x_refsource_SECUNIA
https://www.exploit-db.com/exploits/4442exploit, x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/5091exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/28859third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/41427vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:28.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openrealty-lastmodule-code-execution(40395)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
          },
          {
            "name": "25768",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25768"
          },
          {
            "name": "sapidcmf-lastmodule-code-execution(40396)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
          },
          {
            "name": "40596",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/40596"
          },
          {
            "name": "5098",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5098"
          },
          {
            "name": "pacercms-lastmodule-code-execution(40389)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
          },
          {
            "name": "28886",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28886"
          },
          {
            "name": "ADV-2007-3261",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3261"
          },
          {
            "name": "26928",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26928"
          },
          {
            "name": "41422",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41422"
          },
          {
            "name": "journalness-lastmodule-code-execution(40393)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
          },
          {
            "name": "41426",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41426"
          },
          {
            "name": "28874",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28874"
          },
          {
            "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
          },
          {
            "name": "5090",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5090"
          },
          {
            "name": "41428",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41428"
          },
          {
            "name": "5097",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5097"
          },
          {
            "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
          },
          {
            "name": "28873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28873"
          },
          {
            "name": "4442",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4442"
          },
          {
            "name": "5091",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5091"
          },
          {
            "name": "28859",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28859"
          },
          {
            "name": "41427",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41427"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openrealty-lastmodule-code-execution(40395)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
        },
        {
          "name": "25768",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25768"
        },
        {
          "name": "sapidcmf-lastmodule-code-execution(40396)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
        },
        {
          "name": "40596",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/40596"
        },
        {
          "name": "5098",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5098"
        },
        {
          "name": "pacercms-lastmodule-code-execution(40389)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
        },
        {
          "name": "28886",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28886"
        },
        {
          "name": "ADV-2007-3261",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3261"
        },
        {
          "name": "26928",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26928"
        },
        {
          "name": "41422",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41422"
        },
        {
          "name": "journalness-lastmodule-code-execution(40393)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
        },
        {
          "name": "41426",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41426"
        },
        {
          "name": "28874",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28874"
        },
        {
          "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
        },
        {
          "name": "5090",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5090"
        },
        {
          "name": "41428",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41428"
        },
        {
          "name": "5097",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5097"
        },
        {
          "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
        },
        {
          "name": "28873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28873"
        },
        {
          "name": "4442",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4442"
        },
        {
          "name": "5091",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5091"
        },
        {
          "name": "28859",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28859"
        },
        {
          "name": "41427",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41427"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5056",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openrealty-lastmodule-code-execution(40395)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40395"
            },
            {
              "name": "25768",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25768"
            },
            {
              "name": "sapidcmf-lastmodule-code-execution(40396)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40396"
            },
            {
              "name": "40596",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/40596"
            },
            {
              "name": "5098",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5098"
            },
            {
              "name": "pacercms-lastmodule-code-execution(40389)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40389"
            },
            {
              "name": "28886",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28886"
            },
            {
              "name": "ADV-2007-3261",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3261"
            },
            {
              "name": "26928",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26928"
            },
            {
              "name": "41422",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41422"
            },
            {
              "name": "journalness-lastmodule-code-execution(40393)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40393"
            },
            {
              "name": "41426",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41426"
            },
            {
              "name": "28874",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28874"
            },
            {
              "name": "cmsmadesimple-adodbperfmod-code-execution(36733)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36733"
            },
            {
              "name": "5090",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5090"
            },
            {
              "name": "41428",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41428"
            },
            {
              "name": "5097",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5097"
            },
            {
              "name": "20070924 CMS Made Simple eval injection is really an ADOdb Lite problem",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-September/001800.html"
            },
            {
              "name": "28873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28873"
            },
            {
              "name": "4442",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4442"
            },
            {
              "name": "5091",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5091"
            },
            {
              "name": "28859",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28859"
            },
            {
              "name": "41427",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41427"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5056",
    "datePublished": "2007-09-24T22:00:00",
    "dateReserved": "2007-09-24T00:00:00",
    "dateUpdated": "2024-08-07T15:17:28.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0426
Vulnerability from cvelistv5
Published
2008-01-23 21:00
Modified
2024-08-07 07:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/39832vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/486796/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/27386vdb-entry, x_refsource_BID
http://secunia.com/advisories/28605third-party-advisory, x_refsource_SECUNIA
http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "pacercms-submit-xss(39832)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39832"
          },
          {
            "name": "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
          },
          {
            "name": "27386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27386"
          },
          {
            "name": "28605",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "pacercms-submit-xss(39832)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39832"
        },
        {
          "name": "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
        },
        {
          "name": "27386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27386"
        },
        {
          "name": "28605",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0426",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "pacercms-submit-xss(39832)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39832"
            },
            {
              "name": "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
            },
            {
              "name": "27386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27386"
            },
            {
              "name": "28605",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28605"
            },
            {
              "name": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/",
              "refsource": "CONFIRM",
              "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0426",
    "datePublished": "2008-01-23T21:00:00",
    "dateReserved": "2008-01-23T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0451
Vulnerability from cvelistv5
Published
2008-01-24 23:00
Modified
2024-08-07 07:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/39833vdb-entry, x_refsource_XF
http://securityreason.com/securityalert/3574third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/486796/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/x_refsource_MISC
http://www.securityfocus.com/bid/27397vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "pacercms-articleedit-sql-injection(39833)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39833"
          },
          {
            "name": "3574",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3574"
          },
          {
            "name": "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
          },
          {
            "name": "27397",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27397"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "pacercms-articleedit-sql-injection(39833)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39833"
        },
        {
          "name": "3574",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3574"
        },
        {
          "name": "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
        },
        {
          "name": "27397",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27397"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0451",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "pacercms-articleedit-sql-injection(39833)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39833"
            },
            {
              "name": "3574",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3574"
            },
            {
              "name": "20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486796/100/0/threaded"
            },
            {
              "name": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/",
              "refsource": "MISC",
              "url": "http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/"
            },
            {
              "name": "27397",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27397"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0451",
    "datePublished": "2008-01-24T23:00:00",
    "dateReserved": "2008-01-24T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}