Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: th

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.