Intelliants: Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in register.php in eSyndiCat Directory 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email, (3) password, (4) password2, (5) security_code, and (6) register parameters.
CVSS Score
4.3
EPSS Score
0.021
Published
2009-08-10
Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/.
CVSS Score
6.8
EPSS Score
0.02
Published
2009-05-18
SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.
CVSS Score
6.8
EPSS Score
0.001
Published
2009-05-01
Page 7