Galatolo Webmanager
by Gwm
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6300 | 0.03 | — | 0.03 | Feb 26, 2009 | Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2008-6249 | 0.03 | — | 0.00 | Feb 23, 2009 | SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2008-2700 | 0.03 | — | 0.00 | Jun 13, 2008 | SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2008-2699 | 0.03 | — | 0.03 | Jun 13, 2008 | Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | ||
| CVE-2008-6108 | 0.00 | — | 0.00 | Feb 10, 2009 | Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter. |
- CVE-2008-6300Feb 26, 2009risk 0.03cvss —epss 0.03
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-6249Feb 23, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2700Jun 13, 2008risk 0.03cvss —epss 0.00
SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2699Jun 13, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php.
- CVE-2008-6108Feb 10, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.