Butterfly Organizer is prone to multiple cross-site scripting and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Butterfly Organizer 2.0.1 is vulnerable other versions may also be affected.
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- AWCM CMS Multiple Remote File Include Vulnerabilities