SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.
Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.
Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.