MidnightBSD

Advisories for batavi

CVE-2012-0069 HIGH

SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
batavi batavi *
batavi batavi 1.0.3
batavi batavi 1.0.1
batavi batavi 1.0.2
batavi batavi 1.0
batavi batavi 1.0.4
batavi batavi 1.1.2
batavi batavi 1.1.4
batavi batavi 1.1.1
batavi batavi 1.0.5
batavi batavi 1.0.6

CVE-2013-2289 MEDIUM

Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
batavi batavi 1.2.2