Content Management System Security Vulnerabilities and Issues — Content Management System CVE List

Lucene search

Exv2Content Management System

6 matches found

CVE•added 2006/09/27 11:7 p.m.•52 views

CVE-2006-5030

SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.

7.5CVSS8.3AI score0.00415EPSS

CVE•added 2007/04/11 10:19 a.m.•37 views

CVE-2007-1965

Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.

4.3CVSS5.6AI score0.003EPSS

CVE•added 2007/08/15 7:17 p.m.•37 views

CVE-2007-4365

Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.

4.3CVSS5.7AI score0.00329EPSS

CVE•added 2007/04/11 10:19 a.m.•35 views

CVE-2007-1966

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

9.1CVSS6.7AI score0.00286EPSS

CVE•added 2007/03/02 9:18 p.m.•34 views

CVE-2006-7079

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.

9.8CVSS8AI score0.11984EPSS

CVE•added 2007/03/02 9:18 p.m.•29 views

CVE-2006-7080

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

4.3CVSS7.2AI score0.03124EPSS