Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EasyE-Cards多个SQL注入及跨站脚本漏洞
Vulnerability Description
EasyE-Cards是用PHP编写的发送电子贺卡的工具。 EasyE-Cards的staticpages/easyecards/index.php文件中没有正确地验证对ResultHtml、dir、SenderName、RecipientName、SenderMail和RecipientMail参数的输入便返回给了用户,远程攻击者可以通过跨站脚本攻击在用户浏览器会话中执行任意HTML和脚本代码;该文件中没有正确地验证对sid参数的输入便在SQL查询中使用,这允许攻击者执行SQL注入攻击。成功利用这个漏洞
CVSS Information
N/A
Vulnerability Type
N/A