MidnightBSD

Advisories for eicrasoft

CVE-2010-0631 HIGH

Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
eicrasoft eicra_car_rental-script *
CVE-2010-2357 HIGH

SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
eicrasoft eicra_realestate_script 1.6.0
eicrasoft eicra_realestate_script 1.0