Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-7123 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php. | |||||
CVE-2006-7124 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | |||||
CVE-2006-7125 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics. | |||||
CVE-2006-7126 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF. | |||||
CVE-2006-7122 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. | |||||
CVE-2006-4995 | 1 Joomla | 1 Bsq Sitestats | 2008-09-05 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |