Drake Cms@0.3.7 beta Security Vulnerabilities and Issues — Drake Cms@0.3.7 beta CVE List

Lucene search

Drake TeamDrake Cms0.3.7 beta

2 matches found

CVE•added 2007/04/03 4:19 p.m.•39 views

CVE-2007-1849

Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version avai...

7.5CVSS7.2AI score0.02777EPSS

CVE•added 2007/04/03 4:19 p.m.•36 views

CVE-2007-1848

Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports ...

4.3CVSS5.8AI score0.00285EPSS