2 matches found
CVE-2011-3696
CVE-2011-3696 affects 60cycleCMS 2.5.2. An attacker can trigger a direct request to a PHP file (e.g., post.php) and cause an error message that reveals the installation path, leading to information disclosure. The documented impact is exposure of sensitive filesystem paths; no additional exploit ...
CVE-2010-1951
CVE-2010-1951 affects 60cycleCMS. The flaw is a directory traversal vulnerability in the DOCUMENT_ROOT parameter exploited by (1) news.php, (2) submitComment.php, and (3) sqlConnect.php, allowing remote attackers to include and execute local files. Root cause: directory traversal sequences enable...