76 matches found
u5CMS 'u5admin/deletefile.php' directory traversal vulnerability
u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. A directory traversal vulnerability exists in the u5CMS...
u5CMS Cross-Site Scripting Vulnerability
u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. A cross-site scripting vulnerability exists in u5CMS. Th...
CVE-2015-1578
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 1 pidvesa cookie to u5admin/pidvesa.php or 2 uri parameter to u5admin/meta2.php...
CVE-2015-1576
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...
CVE-2015-1575
Multiple cross-site scripting XSS vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the 1 c, 2 i, 3 l, or 4 p parameter to index.php; the 5 a or 6 b parameter to u5admin/cookie.php; the name parameter to 7 copy.php or 8 delete.php in u5admin/;...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the 1 c, 2 i, 3 l, or 4 p parameter to index.php; the 5 a or 6 b parameter to u5admin/cookie.php; the name parameter to 7 copy.php or 8 delete.php in u5admin/;...
Sql injection
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...
Open redirect
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 1 pidvesa cookie to u5admin/pidvesa.php or 2 uri parameter to u5admin/meta2.php...
CVE-2015-1575
Multiple cross-site scripting XSS vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the 1 c, 2 i, 3 l, or 4 p parameter to index.php; the 5 a or 6 b parameter to u5admin/cookie.php; the name parameter to 7 copy.php or 8 delete.php in u5admin/;...
CVE-2015-1578
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 1 pidvesa cookie to u5admin/pidvesa.php or 2 uri parameter to u5admin/meta2.php...
CVE-2015-1576
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to 1 copy2.php, 2 localize.php, 3 metai.php, 4 nc.php, 5 new2.php, or 6 rename2.php in u5admin/; 7 c parameter to u5admin/editor.php; 8 typ parameter to...
CVE-2015-1578
CVE-2015-1578 affects u5CMS prior to 3.9.4, where Open Redirect flaws exist in u5admin/pidvesa.php (pidvesa cookie) and u5admin/meta2.php (uri parameter). An attacker can redirect users to arbitrary sites, enabling phishing attempts. Remediation per the sources is to update to 3.9.4 (latest versi...
CVE-2015-1577
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a 1 .. dot dot or 2 full pathname in the f parameter...
CVE-2015-1575
CVE-2015-1575 affects u5CMS before 3.9.4, with multiple XSS paths due to insufficient input filtering on numerous parameters across index.php, u5admin/* scripts, and related pages. The underlying issue is failure to adequately sanitize inputs (e.g., c, i, l, p, a, b, name, f, typ, n, c, uri, newn...
CVE-2015-1576
CVE-2015-1576 affects u5CMS prior to 3.9.4, with multiple SQL injection flaws disclosed in scripts such as copy2.php, localize.php, metai.php, nc.php, new2.php, rename2.php (name parameter), editor.php (c parameter), meta2.php (typ parameter), and rename2.php (newname parameter). The root cause i...
KLA10500 Multiple vulnerabilities in u5CMS
Multiple serious vulnerabilities have been found in u5CMS. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute or inject arbitrary code and write local files. Below is a complete list of vulnerabilities 1. Open redirect vulnerabilities can be exploited...
u5CMS 3.9.3 - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications u5CMS 3.9.3 Multiple SQL Injection Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conferenc...
u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities
Exploit for php platform in category web applications u5CMS 3.9.3 Multiple Stored And Reflected XSS Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites...
u5CMS 3.9.3 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications u5CMS 3.9.3 thumb.php Local File Inclusion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites,...
u5CMS 3.9.3 - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications u5CMS 3.9.3 deletefile.php Arbitrary File Deletion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized...