2 matches found
CVE-2009-2177
code/display.php in fuzzylime cms 3.03a and earlier, when magicquotesgpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" dot dot in the s parameter, which is collapsed into a "../" value...
CVE-2009-2176
Multiple directory traversal vulnerabilities in fuzzylime cms 3.03a and earlier, when magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 list parameter to code/confirm.php and the 2 template parameter to...