Logoshows Bbs vulnerabilities
4 known vulnerabilities affecting logoshows/logoshows_bbs.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2009-4546P3HIGHCVSS 7.5PoCv2.02010-01-04
CVE-2009-4546 [HIGH] CWE-20 CVE-2009-4546: globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and g
globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies.
nvd
CVE-2009-4872P3HIGHCVSS 7.5PoCv2.02010-05-11
CVE-2009-4872 [HIGH] CWE-89 CVE-2009-4872: Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
nvd
CVE-2009-4871P3HIGHCVSS 7.5PoCv2.02010-05-11
CVE-2009-4871 [HIGH] CWE-89 CVE-2009-4871: SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
nvd
CVE-2009-4545P3MEDIUMCVSS 5.0PoCv2.02010-01-04
CVE-2009-4545 [MEDIUM] CWE-264 CVE-2009-4545: Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control,
Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb.
nvd