Babygekko
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5699 | 0.04 | — | 0.05 | Jan 23, 2020 | BabyGekko before 1.2.4 allows PHP file inclusion. | |||
| CVE-2012-5698 | 0.03 | — | 0.02 | Jan 23, 2020 | BabyGekko before 1.2.4 has SQL injection. | |||
| CVE-2012-5700 | 0.03 | — | 0.02 | Sep 22, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to… | |||
| CVE-2012-3838 | 0.03 | — | 0.03 | Jul 3, 2012 | Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php. | |||
| CVE-2012-3837 | 0.03 | — | 0.02 | Jul 3, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname,… | |||
| CVE-2012-3836 | 0.03 | — | 0.02 | Jul 3, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street,… |
- CVE-2012-5699Jan 23, 2020risk 0.04cvss —epss 0.05
BabyGekko before 1.2.4 allows PHP file inclusion.
- CVE-2012-5698Jan 23, 2020risk 0.03cvss —epss 0.02
BabyGekko before 1.2.4 has SQL injection.
- CVE-2012-5700Sep 22, 2014risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to…
- CVE-2012-3838Jul 3, 2012risk 0.03cvss —epss 0.03
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
- CVE-2012-3837Jul 3, 2012risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname,…
- CVE-2012-3836Jul 3, 2012risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street,…