SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| batavi | batavi | * |
| batavi | batavi | 1.0.3 |
| batavi | batavi | 1.0.1 |
| batavi | batavi | 1.0.2 |
| batavi | batavi | 1.0 |
| batavi | batavi | 1.0.4 |
| batavi | batavi | 1.1.2 |
| batavi | batavi | 1.1.4 |
| batavi | batavi | 1.1.1 |
| batavi | batavi | 1.0.5 |
| batavi | batavi | 1.0.6 |

Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| batavi | batavi | 1.2.2 |