Lucene search
K
BokaSiteengine

4 matches found

CVE
CVE
added 2010/12/01 4:0 p.m.80 views

CVE-2008-7269

CVE-2008-7269 is an open-redirect flaw affecting SiteEngine 5.x (notably in api.php) where a user-controlled forward parameter in a logout action can redirect victims to arbitrary sites. The vulnerability enables user-assisted remote attack chains for phishing or similar redirects. The Nuclei tem...

5.8CVSS6.8AI score0.09254EPSS
CVE
CVE
added 2010/12/01 4:0 p.m.50 views

CVE-2008-7267

CVE-2008-7267 describes a SQL injection in SiteEngine 5.x, specifically in announcements.php, where the vulnerable parameter is id. The root cause is improper handling of user input leading to arbitrary SQL execution by remote attackers. Impact is partial confidentiality/integrity/availability lo...

7.5CVSS8.7AI score0.01185EPSS
CVE
CVE
added 2010/12/01 4:0 p.m.50 views

CVE-2008-7268

SiteEngine 5.x is affected by CVE-2008-7268 via a phpinfo information-disclosure in misc.php when action=php_info is supplied, allowing remote attackers to obtain system information. The connected documents reiterate the description; no remediation patch/version is provided in the supplied source...

5CVSS6.5AI score0.01616EPSS
CVE
CVE
added 2010/12/01 4:0 p.m.44 views

CVE-2010-4357

CVE-2010-4357: SiteEngine 7.1 contains a SQL injection in comments.php via the module parameter, enabling remote arbitrary SQL execution. Technical detail: vulnerable component is the comments.php handler in SiteEngine 7.1; exploit vector is passing crafted module parameters to trigger SQL comman...

7.5CVSS8.7AI score0.0098EPSS