SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
8.4AI Score
0.001EPSS
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
8.4AI Score
0.007EPSS
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.
7.3AI Score
0.026EPSS