Collector Mycolex vulnerabilities
3 known vulnerabilities affecting collector/mycolex.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2009-1810P3MEDIUMCVSS 6.0PoCv1.4.22009-05-29
CVE-2009-1810 [MEDIUM] CWE-89 CVE-2009-1810: Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (
nvd
CVE-2009-1825P4MEDIUMCVSS 4.0PoCv1.4.22009-05-29
CVE-2009-1825 [MEDIUM] CWE-287 CVE-2009-1825: modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows re
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
nvd
CVE-2009-1809P4MEDIUMCVSS 4.3PoCv1.4.22009-05-29
CVE-2009-1809 [MEDIUM] CWE-79 CVE-2009-1809: Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to injec
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modul
nvd