6 matches found
CVE-2006-5030
CVE-2006-5030 describes an SQL injection in exV2 2.0.4.3 and earlier, affecting the modules/messages/index.php file. The vulnerability is triggered by the sort parameter and permits remote authenticated users to execute arbitrary SQL commands. The NVD metrics indicate high severity (base score 7....
CVE-2007-1965
CVE-2007-1965 describes multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS versions 2.0.4.3 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. Ex...
CVE-2007-1966
CVE-2007-1966 affects eXV2 CMS up to version 2.0.4.3. It describes a session fixation flaw that allows a remote attacker to hijack a user session by setting the PHPSESSID cookie. The impact is noted as high for confidentiality and integrity (no availability impact). No explicit exploit details or...
CVE-2007-4365
CVE-2007-4365 is an XSS vulnerability affecting eXV2 CMS 2.0.5 and earlier. The flaw allows remote attackers to inject arbitrary script/HTML via a set_lang cookie to an unspecified component. Connected records also reference CVE-2007-1965 as a possible overlap. The available documents confirm the...
CVE-2006-7079
CVE-2006-7079 affects exV2 versions 2.0.4.3 and earlier, in include/common.php. The issue allows remote attackers to overwrite arbitrary program variables and perform directory traversal to execute arbitrary code by modifying xoopsOption['pagetype']. The initial docs provide CVSS data: CVSS v2 ba...
CVE-2006-7080
CVE-2006-7080 affects exV2 versions up to 2.0.4.3, where the avatar upload feature is vulnerable to a directory traversal via the old_avatar parameter. Attacker-controlled ".." sequences can be used to delete arbitrary files on the server. The vulnerability is categorized with a CVSS v2 ...