Webmastersite: Security Vulnerabilities
WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/prestart.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-24
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
CVSS Score
7.5
EPSS Score
0.01
Published
2011-02-23
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2011-02-23
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-02-22
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-02-23