Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
DatabayMaxcms

3 matches found

CVE
CVEadded 2009/09/25 10:0 p.m.43 views

CVE-2009-3424

CVE-2009-3424 affects MaxCMS 3.11.20b: multiple remote file inclusion vulnerabilities when register_globals is enabled. An attacker can cause arbitrary PHP code execution by supplying URLs in a set of 34 parameters across various files (e.g., includes/InstantSite/inc.is_root.php; classes/...php; ...

6.8CVSS7.7AI score0.0189EPSS
Web
CVE
CVEadded 2009/09/25 10:0 p.m.39 views

CVE-2009-3425

CVE-2009-3425 affects MaxCMS 3.11.20b. A directory traversal flaw in the admin component, specifically includes/inc.thcms_admin_dirtree.php, allows remote attackers to read arbitrary files via traversal sequences in the thCMS_root parameter. Public references (NVD, CVE records) confirm the vulner...

5CVSS6.7AI score0.02922EPSS
Web
CVE
CVEadded 2009/09/25 10:0 p.m.39 views

CVE-2009-3426

CVE-2009-3426 concerns a PHP remote file inclusion in MaxCMS 3.11.20b. The flaw is in includes/file_manager/special.php, where the fm_includes_special parameter can be controlled to include a remote PHP file, enabling arbitrary code execution on the server. Documented affected component: MaxCMS 3...

6.8CVSS7.5AI score0.01913EPSS
Web