Fretsweb Project Fretsweb vulnerabilities
2 known vulnerabilities affecting fretsweb_project/fretsweb.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2009-2113P3HIGHCVSS 7.5PoCv1.22009-06-18
CVE-2009-2113 [HIGH] CWE-89 CVE-2009-2113: Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary S
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
nvd
CVE-2009-2109P3MEDIUMCVSS 5.0PoCv1.22009-06-18
CVE-2009-2109 [MEDIUM] CWE-22 CVE-2009-2109: Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrar
Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php.
nvd