10 matches found
cmsphp 0.21 (lfi/xss) Multiple Vulnerabilities
No description provided by source. + CMSphp 0.21 LFI/XSS Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://sourceforge.net/projects/cmsphp/ + Local File Inclusion - PoC...
CVE-2009-3520
Cross-site request forgery CSRF vulnerability in the Youraccount module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admininfouserverif action...
CVE-2009-3520
CVE-2009-3520 is a CSRF vulnerability affecting CMSphp 0.21 in the Your_account module. Remote attackers can coerce an administrator’s browser to perform a password-change action (admin_info_user_verif) by supplying the parameters pseudo , pwd , and uid , effectively hijacking administrator authe...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the 1 cookuser parameter to index.php and the 2 name parameter to modules.php...
Directory traversal
Directory traversal vulnerability in modules.php in CMSphp 0.21 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the modfile parameter...
CVE-2009-3507
CVE-2009-3507 is a vulnerability in CMSphp 0.21 where a directory traversal via the mod_file parameter allows remote attackers to include and execute arbitrary local files using “..”. This is supported by multiple records (NVD, CVE list, PRION, CVELIST) and aligned with the observed CVSSv2 base s...
CVE-2009-3506
CVE-2009-3506 involves multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21. The affected software is CMSphp 0.21, with XSS achievable through the cook_user parameter to index.php and the name parameter to modules.php. The available records describe the underlying issue as improper ...
CMSphp 0.21 Cross Site Request Forgery
Author: REMOVED AT REQUEST OF AUTHOR CMS: CMSphp 0.21 Type of vulnerability: Cross site request forgery You can download following cms on : http://webscripts.softpedia.com/script/Content-Management/CMSphp-37567.html CMSphp 0.21 suffers from Cross site request forgery which allows malicious attack...
CMSphp 0.21 (LFI/XSS) Multiple Remote Vulnerabilities
No description provided by source. + CMSphp 0.21 LFI/XSS Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://sourceforge.net/projects/cmsphp/ + Local File Inclusion - PoC...
CMSphp 0.21 (LFI/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ===================================================== CMSphp 0.21 LFI/XSS Multiple Remote Vulnerabilities ===================================================== + CMSphp 0.21 LFI/XSS Multiple Remote Vulnerabilities + Discovered By SirGod +...