MidnightBSD

Advisories for whatsns

CVE-2019-11450 HIGH

whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
whatsns whatsns 4.0
CVE-2019-11451 MEDIUM

whatsns 4.0 allows index.php?inform/add.html qid SQL injection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
whatsns whatsns 4.0
CVE-2019-11452 MEDIUM

whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL injection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
whatsns whatsns 4.0
CVE-2020-18013 HIGH

SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
whatsns whatsns 4.0