3 matches found
Directory traversal
Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the VIEW view parameter to 1 index.php, 2 html/sitio/index.php, or 3 src/sistema/vistas/template/tplinicio.php...
CVE-2006-6720
PHP remote file inclusion vulnerability in admin/indexsitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the VIEW parameter...
CVE-2006-6720
The CVE-2006-6720 entry describes a PHP remote file inclusion in Azucar CMS 1.3, exploitable through admin/index_sitios.php via a URL in the _VIEW parameter to execute arbitrary PHP code. Documented CVSSv2 base metrics indicate a HIGH overall risk (Network vector, Low attack complexity, no authen...