Bitweaver@1.2.1 Security Vulnerabilities and Issues — Bitweaver@1.2.1 CVE List

Lucene search

BitweaverBitweaver1.2.1

8 matches found

CVE•added 2014/01/28 12:55 a.m.•131 views

CVE-2012-5192

Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.

5CVSS6.1AI score0.51479EPSS

CVE•added 2007/01/13 2:28 a.m.•45 views

CVE-2006-6924

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is al...

5CVSS6.6AI score0.07851EPSS

CVE•added 2009/05/18 6:30 p.m.•42 views

CVE-2009-1678

Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the version parameter to boards/boards_rss.php.

7.5CVSS7AI score0.00681EPSS

CVE•added 2007/01/13 2:28 a.m.•35 views

CVE-2006-6925

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php...

6.8CVSS6AI score0.08621EPSS

CVE•added 2009/05/18 6:30 p.m.•35 views

CVE-2009-1677

Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/...

6.5CVSS7.2AI score0.0092EPSS

CVE•added 2006/03/10 2:2 a.m.•33 views

CVE-2006-1131

Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.

4.3CVSS5.7AI score0.00513EPSS

CVE•added 2007/12/15 1:46 a.m.•32 views

CVE-2007-6375

Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code...

7.5CVSS8.4AI score0.00356EPSS

CVE•added 2007/01/13 2:28 a.m.•31 views

CVE-2006-6923

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

7.5CVSS8.8AI score0.00419EPSS