GCVE - cpe:2.3:a:maianscriptworld:maian_uploader:4.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:maianscriptworld:maian_uploader:4.0:*:*:*:*:*:*:*

part: a version: 4.0 update: *

Vendor	Maianscriptworld (`4dbef072-70cc-5b6c-b5bf-d22360387add`)
Product	Maian Uploader (`b563ac64-d2fc-54ef-855d-b5ebbb7ca44e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-10006`	vulnerable	2026-06-03 14:33:40.762763	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Published: 2015-01-13T11:00:00.000Z Updated: 2024-09-16T22:02:33.756Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/124918	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-10005`	vulnerable	2026-06-03 14:33:40.762480	Details available Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. Published: 2015-01-13T11:00:00.000Z Updated: 2024-09-17T01:01:08.799Z Open on db.gcve.eu Reference links http://www.osvdb.org/102487 http://packetstormsecurity.com/files/124918	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-10004`	vulnerable	2026-06-03 14:33:40.762093	Details available SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Published: 2015-01-13T11:00:00.000Z Updated: 2024-08-06T14:02:38.131Z Open on db.gcve.eu Reference links http://osvdb.org/102488 https://exchange.xforce.ibmcloud.com/vulnerabilities/90715 http://packetstormsecurity.com/files/124918	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2202`	vulnerable	2026-06-03 14:28:43.586276	Details available Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Published: 2008-05-14T17:00:00.000Z Updated: 2024-08-07T08:49:58.543Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/491599/100/0/threaded http://secunia.com/advisories/30096 http://securityreason.com/securityalert/3882 https://exchange.xforce.ibmcloud.com/vulnerabilities/42203 http://www.securityfocus.com/bid/29051	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Maian Uploader

PURL mappings

Vulnerability references

Contribute