2 matches found
CVE-2008-2017
The CVE-2008-2017 entry concerns Chilek Content Management System (ChiCoMaS) 2.0.4, where a directory traversal flaw allows remote attackers to include and execute arbitrary local files. The vulnerability arises from a dot-dot sequence (..) in the operation parameter to the default install/ URI. ...
CVE-2008-2016
The CVE-2008-2016 entry concerns Chilek Content Management System (ChiCoMaS) 2.0.4. The vulnerability is a PHP remote file inclusion via the lang parameter to the default URI under install/, enabling remote attackers to execute arbitrary PHP code. The note indicates this can also be leveraged to ...