5 matches found
CVE-2006-6115
CVE-2006-6115 describes a SQL injection vulnerability in index.asp of fipsCMS 4.5 and earlier via the fid parameter. Remote attackers could potentially execute arbitrary SQL commands through this input. The description does not specify affected versions beyond “4.5 and earlier” nor provide remedi...
CVE-2006-3031
CVE-2006-3031 concerns multiple cross-site scripting (XSS) vulnerabilities in the web application component index.asp of fipsCMS 4.5 and earlier . The issue allows remote attackers to inject arbitrary web script or HTML via the parameters w , phcat , dayid , and calw . The description notes XSS i...
CVE-2007-2561
CVE-2007-2561 describes an SQL injection vulnerability in the fipsCMS web app. The flaw is in the file index.asp of fipsCMS 2.1, where the parameter pid can be manipulated by an attacker to execute arbitrary SQL commands on the backend database. This is noted as a different vector from CVE-2006-6...
CVE-2008-3722
The CVE-2008-3722 entry documents a SQL injection vulnerability in fipsCMS 2.1, specifically in forum/neu.asp where the kat parameter can be used to inject arbitrary SQL. The issue originates from improper handling of user input and allows remote attackers to execute commands against the database...
CVE-2008-2124
CVE-2008-2124 describes an SQL injection in modules/print.asp of fipsASP fipsCMS, exploitable via the lg parameter. The underlying flaw is improper handling of user input that enables arbitrary SQL execution. The CVSS v2 vector indicates a NETWORK attack vector, LOW complexity, no authentication,...