MidnightBSD

Advisories for ordasoft

CVE-2010-1522 HIGH

Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
ordasoft com_booklibrary 1.5.3
CVE-2010-2851 HIGH

SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
ordasoft com_booklibrary 1.5
CVE-2018-5971 HIGH

SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
ordasoft medialibrary 4.0.12
CVE-2018-5982 HIGH

SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
ordasoft advertisement_board 3.1.0