4 matches found
CVE-2009-0735
The vulnerability CVE-2009-0735 affects Papoo CMS 3.6, specifically in lib/classes/message_class.php. When register_globals is enabled and magic_quotes_gpc is disabled, a directory traversal via the pfadhier parameter (.. path) can allow remote attackers to read, and possibly execute, arbitrary f...
CVE-2007-3494
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...
Code injection
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...
CVE-2007-3494
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...