Wiccle Iwiccle vulnerabilities
2 known vulnerabilities affecting wiccle/iwiccle.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2009-3217P3HIGHCVSS 7.5PoCv1.012009-09-16
CVE-2009-3217 [HIGH] CWE-89 CVE-2009-3217: SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute a
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
nvd
CVE-2009-3216P4MEDIUMCVSS 4.3PoCv1.012009-09-16
CVE-2009-3216 [MEDIUM] CWE-22 CVE-2009-3216: Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, all
Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the module parameter to index.php.
nvd