Dieselscripts: Security Vulnerabilities
SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-03-13
SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-03-13
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-09-24
PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.
CVSS Score
7.5
EPSS Score
0.022
Published
2006-08-27
Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter.
CVSS Score
4.3
EPSS Score
0.076
Published
2006-08-27
Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-08-27
Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.
CVSS Score
4.3
EPSS Score
0.071
Published
2006-08-27
SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2006-07-21
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
CVSS Score
5.0
EPSS Score
0.004
Published
2006-05-23