cbcvebase.

Wavelink Media Tutorialcms vulnerabilities

4 known vulnerabilities affecting wavelink_media/tutorialcms.

Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2007-2822P3CRITICALCVSS 9.3PoC≤ 1.012007-05-22
CVE-2007-2822 [CRITICAL] CVE-2007-2822: TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass au TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
nvd
CVE-2007-2599P3HIGHCVSS 7.5PoC≤ 1.002007-05-11
CVE-2007-2599 [HIGH] CVE-2007-2599: Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier all Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.p
nvd
CVE-2008-0254P3MEDIUMCVSS 6.8PoCv1.022008-01-15
CVE-2008-0254 [MEDIUM] CWE-89 CVE-2008-0254: SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magi SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
nvd
CVE-2007-2600P4MEDIUMCVSS 6.8PoC≤ 1.002007-05-11
CVE-2007-2600 [MEDIUM] CVE-2007-2600: Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 an Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search p
nvd
Wavelink Media Tutorialcms vulnerabilities | cvebase