Cod3Rz

#8456of 53,608
32.5Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2009-2303
10
2009-06-22
Fuzzylime · Fuzzylime · CVE-2008-6834
Name of the Vulnerable Software and Affected Versions: fuzzylime (cms) versions 3.01 through 3.01a Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `s` parameter to "code/commupdate.php" in a count action or the `heads` parameter to "code/newsheads.php". Recommendations: For versions 3.01 through 3.01a, consider restricting access to the "code/commupdate.php" and "code/newsheads.php" scripts to minimize the risk of exploitation. Avoid using the `s` parameter in "code/commupdate.php" and the `heads` parameter in "code/newsheads.php" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2009-2120
5.0
2009-04-07
Minibloggie · Minibloggie · CVE-2008-6650
**Name of the Vulnerable Software and Affected Versions** miniBloggie version 1.0 **Description** The issue allows remote attackers to delete arbitrary posts by making a direct request to "del.php" with a modified `post id` parameter. **Recommendations** For miniBloggie version 1.0, consider restricting access to the "del.php" endpoint until a patch is available, or avoid using the `post id` parameter in this endpoint to minimize the risk of exploitation.
PT-2009-2122
7.5
2009-04-07
Nonecms · Nonecms · CVE-2008-6652
**Name of the Vulnerable Software and Affected Versions** OneCMS version 2.5 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `sitename` parameter in the asd.php file. **Recommendations** For OneCMS version 2.5, avoid using the `sitename` parameter in the asd.php file until a fix is available. Consider restricting access to the asd.php file to minimize the risk of exploitation.
PT-2008-3697
10
2008-05-14
It · It!Cms · CVE-2008-2192
**Name of the Vulnerable Software and Affected Versions** IT!CMS (aka itcms) version 1.9 **Description** A static code injection issue allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the `shout` parameter. **Recommendations** For IT!CMS version 1.9, as a temporary workaround, consider restricting access to the `box/MiniChat/data/shouts.php` file until a patch is available. Avoid using the `shout` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.