VYPR

Pro

by Esyndicat

CVEs (4)

  • CVE-2011-5177Sep 20, 2012
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to…

  • CVE-2008-3299Jul 25, 2008
    risk 0.03cvss epss 0.06

    eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-3811Jul 17, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.

  • CVE-2007-2785May 21, 2007
    risk 0.00cvss epss 0.01

    manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.