MidnightBSD

Advisories for campware.org

CVE-2005-4661 MEDIUM

The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
campware.org campsite 2.2.2
CVE-2010-1867 HIGH

SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
campware.org campsite 2.6.9
campware.org campsite 2.2.2
campware.org campsite 2.6.0
campware.org campsite 2.6.1
campware.org campsite 2.7.0
campware.org campsite 3.2.3
campware.org campsite 3.3.0
campware.org campsite 3.1.1
campware.org campsite 3.3.3
campware.org campsite *
campware.org campsite 3.1.0
campware.org campsite 3.1.2
campware.org campsite 3.2.0
campware.org campsite 3.2.2
campware.org campsite 3.2.1
campware.org campsite 3.1.3
campware.org campsite 3.3.1
campware.org campsite 2.5.2
campware.org campsite 3.3.2
campware.org campsite 3.0.3
campware.org campsite 2.4.3
campware.org campsite 2.3.3
campware.org campsite 3.3.4