Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| seagullproject.org | seagull | 0.6.7 |
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| seagullproject.org | seagull | 0.6.1 |
| seagullproject.org | seagull | 0.4.7 |
| seagullproject.org | seagull | 0.6.2 |
| seagullproject.org | seagull | 0.6.6 |
| seagullproject.org | seagull | 0.6.4 |
| seagullproject.org | seagull | * |
| seagullproject.org | seagull | 0.6.3 |
| seagullproject.org | seagull | 0.6.0 |
| seagullproject.org | seagull | 0.6.5 |
| seagullproject.org | seagull | 0.4.6 |