Mohajali

#9070of 53,633
30.1Total CVSS
Vulnerabilities · 5
Low
1
Medium
1
High
3
PT-2006-5794
7.5
2006-09-28
Syntaxcms · Syntaxcms · CVE-2006-5055
**Name of the Vulnerable Software and Affected Versions** syntaxCMS versions 1.1.1 through 1.3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `init path` parameter in the admin/testing/tests/0004 init urls.php file. **Recommendations** For syntaxCMS versions 1.1.1 through 1.3, consider restricting access to the admin/testing/tests/0004 init urls.php file to minimize the risk of exploitation. Avoid using the `init path` parameter in the affected file until the issue is resolved.
PT-2006-5512
7.5
2006-09-13
Jetbox · Jetbox Cms · CVE-2006-4737
**Name of the Vulnerable Software and Affected Versions** Jetbox CMS (affected versions not specified) **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `item` parameter in index.php. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-5513
7.5
2006-09-13
Jetbox · Jetbox Cms · CVE-2006-4738
**Name of the Vulnerable Software and Affected Versions** Jetbox CMS (affected versions not specified) **Description** A remote file inclusion issue in phpthumb.php allows remote attackers to execute arbitrary PHP code via a URL in the `includes path` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-5514
2.6
2006-09-13
Jetbox · Jetbox Cms · CVE-2006-4739
**Name of the Vulnerable Software and Affected Versions** Jetbox CMS (affected versions not specified) **Description** The issue allows remote attackers to inject arbitrary web script or HTML, as demonstrated via the `OriginalImageData` parameter to "phpthumb.php" API endpoint. This can lead to cross-site scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2006-5515
5.0
2006-09-13
Jetbox · Jetbox Cms · CVE-2006-4740
**Name of the Vulnerable Software and Affected Versions** Jetbox CMS (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information via a direct request for certain files. These files reveal the path in an error message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.