4 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 admineditsubmenu.php, 2 adminnewsubmenu.php, and 3 adminedittopmenu.php in admin/...
CVE-2008-2987
CVE-2008-2987 describes multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1. The issue is triggered by PATH_INFO input to the admin subsystem, specifically the files admin_edit_submenu.php, admin_new_submenu.php, and admin_edit_topmenu.php, allowing remote attackers to inject arb...
Authentication flaw
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu...
CVE-2008-2879
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu...