Summary
Detail | |||
---|---|---|---|
Vendor | Absolutengine | First view | 2015-01-02 |
Product | Absolut Engine | Last view | 2015-01-02 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:absolutengine:absolut_engine:1.73:*:*:*:*:*:*:* | 2 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2015-01-02 | CVE-2014-9435 | Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. |
3.5 | 2015-01-02 | CVE-2014-9434 | Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |