Skymarx Solutions » Xflow : Security Vulnerabilities, CVEs, CVSS score >= 4
xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values.
Max CVSS
5.0
EPSS Score
0.59%
Published
2006-04-19
Updated
2017-07-20
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.
Max CVSS
7.5
EPSS Score
0.96%
Published
2006-04-19
Updated
2017-07-20
2 vulnerabilities found