Filtered by vendor Smeweb Subscriptions
Filtered by product Smeweb Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-2652 1 Smeweb 1 Smeweb 2024-11-21 N/A
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
CVE-2008-2644 1 Smeweb 1 Smeweb 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php.