SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the `by` parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vcd-db | vcd-db | 0.97 |
| vcd-db | vcd-db | 0.98 |
| vcd-db | vcd-db | 0.972 |
| vcd-db | vcd-db | 0.971 |
| vcd-db | vcd-db | 0.973 |
| vcd-db | vcd-db | 0.961 |

Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the `batch` parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| vcd-db | vcd-db | 0.97 |
| vcd-db | vcd-db | 0.98 |
| vcd-db | vcd-db | 0.972 |
| vcd-db | vcd-db | 0.971 |
| vcd-db | vcd-db | 0.973 |
| vcd-db | vcd-db | 0.961 |