3 matches found
CVE-2008-2681
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to db/compact.asp, which reveals the database path in an error message...
CVE-2008-2679
SQL injection vulnerability in the KeyWordsList function in includes/incroutines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI...
CVE-2008-2682
RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including 1 cUserRole, 2 cUserName, and 3 cUserID...