MidnightBSD

Advisories for kmsoft

CVE-2010-0978 MEDIUM

KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
kmsoft guestbook 1.0
CVE-2010-4987 HIGH

SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
kmsoft guestbook -