cbcvebase.

Alstrasoft Article Manager Pro vulnerabilities

5 known vulnerabilities affecting alstrasoft/article_manager_pro.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2008-5649P3CRITICALCVSS 10.0PoCv1.62008-12-17
CVE-2008-5649 [CRITICAL] CWE-89 CVE-2008-5649: SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote a SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
nvd
CVE-2006-2565P4HIGHCVSS 7.5v1.62006-05-24
CVE-2006-2565 [HIGH] CVE-2006-2565: SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.
nvd
CVE-2006-2567P4MEDIUMCVSS 4.3v1.62006-05-24
CVE-2006-2567 [MEDIUM] CVE-2006-2567: Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.
nvd
CVE-2007-4082P4MEDIUMCVSS 4.3≤ 1.62007-07-30
CVE-2007-4082 [MEDIUM] CVE-2007-4082: Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
nvd
CVE-2006-2566P4MEDIUMCVSS 5.0v1.62006-05-24
CVE-2006-2566 [MEDIUM] CVE-2006-2566: Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages.
nvd
Alstrasoft Article Manager Pro vulnerabilities | cvebase