Exv2 Content Management System

6 matches found

CVE
added 2006/09/27 11:0 p.m. | 61 views

CVE-2006-5030

CVE-2006-5030 describes an SQL injection in exV2 2.0.4.3 and earlier, affecting the modules/messages/index.php file. The vulnerability is triggered by the sort parameter and permits remote authenticated users to execute arbitrary SQL commands. The NVD metrics indicate high severity (base score 7....

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.01079
Web
CVE
added 2007/04/11 10:0 a.m. | 49 views

CVE-2007-1965

CVE-2007-1965 describes multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. Ex...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.01022
CVE
added 2007/04/11 10:0 a.m. | 49 views

CVE-2007-1966

CVE-2007-1966 affects eXV2 CMS up to version 2.0.4.3. It describes a session fixation flaw that allows a remote attacker to hijack a user session by setting the PHPSESSID cookie. The impact is noted as high for confidentiality and integrity (no availability impact). No explicit exploit details or...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.01236
CVE
added 2007/08/15 7:0 p.m. | 48 views

CVE-2007-4365

CVE-2007-4365 is an XSS vulnerability affecting eXV2 CMS 2.0.5 and earlier. The flaw allows remote attackers to inject arbitrary script/HTML via a set_lang cookie to an unspecified component. Connected records also reference CVE-2007-1965 as a possible overlap. The available documents confirm the...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01065
CVE
added 2007/02/27 6:0 p.m. | 45 views

CVE-2006-7079

CVE-2006-7079 affects exV2 versions 2.0.4.3 and earlier, in include/common.php. The issue allows remote attackers to overwrite arbitrary program variables and perform directory traversal to execute arbitrary code by modifying xoopsOption['pagetype']. The initial docs provide CVSS data: CVSS v2 ba...

CVSS: 9.8 | AI score: 8 | EPSS: 0.12847
CVE
added 2007/02/27 6:0 p.m. | 38 views

CVE-2006-7080

Summary: CVE-2006-7080 affects exV2 versions up to 2.0.4.3, where the avatar upload feature is vulnerable to a directory traversal via the old_avatar parameter. Attacker-controlled ".." sequences can be used to delete arbitrary files on the server. The vulnerability is categorized with a CVSS v2 ...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.04491