Search

Find a vulnerability

Search criteria

    12 vulnerabilities by bananadance

    CVE-2012-5243 (GCVE-0-2012-5243)

    Vulnerability from nvd – Published: 2014-10-21 14:00 – Updated: 2024-08-06 20:58
    VLAI
    Summary
    functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.exploit-db.com/exploits/23573 exploitx_refsource_EXPLOIT-DB
    https://www.htbridge.com/advisory/HTB23118 x_refsource_MISC
    Date Public
    2012-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:58:03.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23573",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/23573"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23118"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-21T11:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23573",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/23573"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23118"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5243",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23573",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/23573"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23118",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23118"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5243",
        "datePublished": "2014-10-21T14:00:00.000Z",
        "dateReserved": "2012-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:58:03.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5242 (GCVE-0-2012-5242)

    Vulnerability from nvd – Published: 2014-10-21 14:00 – Updated: 2024-08-06 20:58
    VLAI
    Summary
    Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.exploit-db.com/exploits/23573 exploitx_refsource_EXPLOIT-DB
    https://www.htbridge.com/advisory/HTB23118 x_refsource_MISC
    Date Public
    2012-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:58:03.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23573",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/23573"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23118"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-21T11:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23573",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/23573"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23118"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23573",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/23573"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23118",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23118"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5242",
        "datePublished": "2014-10-21T14:00:00.000Z",
        "dateReserved": "2012-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:58:03.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5244 (GCVE-0-2012-5244)

    Vulnerability from nvd – Published: 2014-10-20 14:00 – Updated: 2024-08-06 20:58
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.exploit-db.com/exploits/23573/ exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/88537 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/88536 vdb-entryx_refsource_OSVDB
    http://osvdb.org/88535 vdb-entryx_refsource_OSVDB
    https://www.htbridge.com/advisory/HTB23118 x_refsource_MISC
    http://osvdb.org/88538 vdb-entryx_refsource_OSVDB
    Date Public
    2012-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:58:03.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23573",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/23573/"
              },
              {
                "name": "88537",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88537"
              },
              {
                "name": "banana-dance-ajax-sql-injection(80746)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
              },
              {
                "name": "88536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88536"
              },
              {
                "name": "88535",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88535"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23118"
              },
              {
                "name": "88538",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88538"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23573",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/23573/"
            },
            {
              "name": "88537",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88537"
            },
            {
              "name": "banana-dance-ajax-sql-injection(80746)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
            },
            {
              "name": "88536",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88536"
            },
            {
              "name": "88535",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88535"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23118"
            },
            {
              "name": "88538",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88538"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23573",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/23573/"
                },
                {
                  "name": "88537",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88537"
                },
                {
                  "name": "banana-dance-ajax-sql-injection(80746)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
                },
                {
                  "name": "88536",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88536"
                },
                {
                  "name": "88535",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88535"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23118",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23118"
                },
                {
                  "name": "88538",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88538"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5244",
        "datePublished": "2014-10-20T14:00:00.000Z",
        "dateReserved": "2012-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:58:03.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5176 (GCVE-0-2011-5176)

    Vulnerability from nvd – Published: 2012-09-15 17:00 – Updated: 2024-09-17 04:14
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
                  "refsource": "MISC",
                  "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
                },
                {
                  "name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
                  "refsource": "CONFIRM",
                  "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5176",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-09-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:26.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5175 (GCVE-0-2011-5175)

    Vulnerability from nvd – Published: 2012-09-15 17:00 – Updated: 2024-09-16 16:58
    VLAI
    Summary
    SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:44.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
                  "refsource": "MISC",
                  "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
                },
                {
                  "name": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
                },
                {
                  "name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
                  "refsource": "CONFIRM",
                  "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5175",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-09-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:58:43.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5168 (GCVE-0-2011-5168)

    Vulnerability from nvd – Published: 2012-09-15 17:00 – Updated: 2024-09-16 19:51
    VLAI
    Summary
    SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:47.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17919",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/17919"
              },
              {
                "name": "83882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/83882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
              },
              {
                "name": "49903",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17919",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/17919"
            },
            {
              "name": "83882",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/83882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
            },
            {
              "name": "49903",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5168",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17919",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/17919"
                },
                {
                  "name": "83882",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/83882"
                },
                {
                  "name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
                  "refsource": "CONFIRM",
                  "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
                },
                {
                  "name": "49903",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49903"
                },
                {
                  "name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
                  "refsource": "CONFIRM",
                  "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5168",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-09-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:10.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5243 (GCVE-0-2012-5243)

    Vulnerability from cvelistv5 – Published: 2014-10-21 14:00 – Updated: 2024-08-06 20:58
    VLAI
    Summary
    functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.exploit-db.com/exploits/23573 exploitx_refsource_EXPLOIT-DB
    https://www.htbridge.com/advisory/HTB23118 x_refsource_MISC
    Date Public
    2012-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:58:03.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23573",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/23573"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23118"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-21T11:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23573",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/23573"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23118"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5243",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23573",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/23573"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23118",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23118"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5243",
        "datePublished": "2014-10-21T14:00:00.000Z",
        "dateReserved": "2012-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:58:03.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5242 (GCVE-0-2012-5242)

    Vulnerability from cvelistv5 – Published: 2014-10-21 14:00 – Updated: 2024-08-06 20:58
    VLAI
    Summary
    Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.exploit-db.com/exploits/23573 exploitx_refsource_EXPLOIT-DB
    https://www.htbridge.com/advisory/HTB23118 x_refsource_MISC
    Date Public
    2012-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:58:03.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23573",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/23573"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23118"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-21T11:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23573",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/23573"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23118"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23573",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/23573"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23118",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23118"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5242",
        "datePublished": "2014-10-21T14:00:00.000Z",
        "dateReserved": "2012-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:58:03.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5244 (GCVE-0-2012-5244)

    Vulnerability from cvelistv5 – Published: 2014-10-20 14:00 – Updated: 2024-08-06 20:58
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.exploit-db.com/exploits/23573/ exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/88537 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/88536 vdb-entryx_refsource_OSVDB
    http://osvdb.org/88535 vdb-entryx_refsource_OSVDB
    https://www.htbridge.com/advisory/HTB23118 x_refsource_MISC
    http://osvdb.org/88538 vdb-entryx_refsource_OSVDB
    Date Public
    2012-12-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:58:03.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23573",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/23573/"
              },
              {
                "name": "88537",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88537"
              },
              {
                "name": "banana-dance-ajax-sql-injection(80746)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
              },
              {
                "name": "88536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88536"
              },
              {
                "name": "88535",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88535"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23118"
              },
              {
                "name": "88538",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/88538"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23573",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/23573/"
            },
            {
              "name": "88537",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88537"
            },
            {
              "name": "banana-dance-ajax-sql-injection(80746)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
            },
            {
              "name": "88536",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88536"
            },
            {
              "name": "88535",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88535"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23118"
            },
            {
              "name": "88538",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/88538"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23573",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/23573/"
                },
                {
                  "name": "88537",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88537"
                },
                {
                  "name": "banana-dance-ajax-sql-injection(80746)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80746"
                },
                {
                  "name": "88536",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88536"
                },
                {
                  "name": "88535",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88535"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23118",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23118"
                },
                {
                  "name": "88538",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/88538"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5244",
        "datePublished": "2014-10-20T14:00:00.000Z",
        "dateReserved": "2012-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:58:03.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5168 (GCVE-0-2011-5168)

    Vulnerability from cvelistv5 – Published: 2012-09-15 17:00 – Updated: 2024-09-16 19:51
    VLAI
    Summary
    SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:47.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17919",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/17919"
              },
              {
                "name": "83882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/83882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
              },
              {
                "name": "49903",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17919",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/17919"
            },
            {
              "name": "83882",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/83882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
            },
            {
              "name": "49903",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5168",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17919",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/17919"
                },
                {
                  "name": "83882",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/83882"
                },
                {
                  "name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
                  "refsource": "CONFIRM",
                  "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
                },
                {
                  "name": "49903",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49903"
                },
                {
                  "name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
                  "refsource": "CONFIRM",
                  "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5168",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-09-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:10.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5175 (GCVE-0-2011-5175)

    Vulnerability from cvelistv5 – Published: 2012-09-15 17:00 – Updated: 2024-09-16 16:58
    VLAI
    Summary
    SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:44.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
                  "refsource": "MISC",
                  "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
                },
                {
                  "name": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.org/files/115772/Banana-Dance-CMS-B.2.1-XSS-SQL-Injection.html"
                },
                {
                  "name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
                  "refsource": "CONFIRM",
                  "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5175",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-09-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:58:43.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-5176 (GCVE-0-2011-5176)

    Vulnerability from cvelistv5 – Published: 2012-09-15 17:00 – Updated: 2024-09-17 04:14
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:30:46.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-5176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme",
                  "refsource": "MISC",
                  "url": "http://www.bananadance.org/Program-News/Minor-Update-and-New-Theme"
                },
                {
                  "name": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit",
                  "refsource": "CONFIRM",
                  "url": "http://www.doyoubananadance.com/Program-News/Important-Notice-About-SQLi-Exploit"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-5176",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-09-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:26.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }