Cvir.System

#11008of 53,624
25Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2006-6099
7.5
2006-10-18
Contenido · Contenido Cms · CVE-2006-5380
**Name of the Vulnerable Software and Affected Versions** Contenido CMS versions prior to 4.6.15 **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `contenido path` parameter to (1) "cms/dbfs.php" or (2) "cms/front content.php". **Recommendations** For versions prior to 4.6.15, as a temporary workaround, consider restricting access to the `contenido path` parameter in the affected API endpoints "cms/dbfs.php" and "cms/front content.php" until a patch is available.
PT-2006-6100
5.0
2006-10-18
Unknown · Contenido Cms · CVE-2006-5381
**Name of the Vulnerable Software and Affected Versions** Contenido CMS (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive data, including database credentials, due to insufficient access control. This can be achieved by making a direct request to certain files in the conlib/ directory, specifically: (1) "db msql.inc", (2) "db mssql.inc", (3) "db mysqli.inc", (4) "db oci8.inc", (5) "db odbc.inc", (6) "db oracle.inc", (7) "db pgsql.inc", or (8) "db sybase.inc". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-5763
7.5
2006-09-27
P News · Pnews System · CVE-2006-5022
**Name of the Vulnerable Software and Affected Versions** pNews System version 1.1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `nbs` parameter in the includes/global.php file. **Recommendations** For pNews System version 1.1.0, update the includes/global.php file to validate and sanitize the `nbs` parameter to prevent remote file inclusion attacks. As a temporary workaround, consider restricting access to the includes/global.php file until a patch is available.
PT-2006-5768
5.0
2006-09-27
Jevon · Jevoncms · CVE-2006-5027
**Name of the Vulnerable Software and Affected Versions** JevonCMS versions prior to alpha **Description** The issue allows remote attackers to obtain sensitive information via a direct request for certain php/main/phplib files, including `db msql.inc`, `db mssql.inc`, `db mysql.inc`, `db oci8.inc`, `db odbc.inc`, `db oracle.inc`, `db pgsql.inc`, and `db sybase.inc`. These files reveal the path in various error messages. **Recommendations** For JevonCMS versions prior to alpha, consider restricting access to the php/main/phplib directory to minimize the risk of exploitation. As a temporary workaround, avoid using the direct request method for the mentioned files until a patch is available.