Dynpg Security Vulnerabilities and Issues — Dynpg CVE List

Lucene search

DynpgDynpg

11 matches found

CVE•added 2021/03/23 2:15 p.m.•38 views

CVE-2021-27531

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.

4.8CVSS4.9AI score0.00184EPSS

CVE•added 2010/12/06 1:37 p.m.•37 views

CVE-2010-4399

Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party ...

4.3CVSS6.9AI score0.0602EPSS

CVE•added 2021/03/23 2:15 p.m.•34 views

CVE-2021-27526

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.

4.8CVSS4.9AI score0.00184EPSS

CVE•added 2021/03/23 2:15 p.m.•33 views

CVE-2021-27529

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.

4.8CVSS4.9AI score0.00162EPSS

CVE•added 2010/12/06 1:37 p.m.•32 views

CVE-2010-4400

SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.

7.5CVSS8.7AI score0.0047EPSS

CVE•added 2021/03/23 2:15 p.m.•32 views

CVE-2021-27528

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.

4.8CVSS4.9AI score0.00184EPSS

CVE•added 2010/04/07 6:30 p.m.•31 views

CVE-2010-1299

Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, and possibly earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) DefineRootToTool parameter to counter.php, (2) PathToRoot paramet...

5.1CVSS7.9AI score0.07649EPSS

CVE•added 2010/12/06 1:37 p.m.•31 views

CVE-2010-4401

languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.

5CVSS6.3AI score0.05304EPSS

CVE•added 2021/03/23 2:15 p.m.•31 views

CVE-2021-27530

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.

4.8CVSS4.9AI score0.00184EPSS

CVE•added 2021/03/23 2:15 p.m.•29 views

CVE-2021-27527

A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.

4.8CVSS4.9AI score0.00162EPSS

CVE•added 2021/11/02 11:15 a.m.•28 views

CVE-2020-27406

Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.

5.4CVSS5.4AI score0.00213EPSS