Lucene search
K
FipsaspFipscms

5 matches found

CVE
CVE
added 2006/11/26 10:0 p.m.52 views

CVE-2006-6115

CVE-2006-6115 describes a SQL injection vulnerability in index.asp of fipsCMS 4.5 and earlier via the fid parameter. Remote attackers could potentially execute arbitrary SQL commands through this input. The description does not specify affected versions beyond “4.5 and earlier” nor provide remedi...

7.5CVSS8.3AI score0.01192EPSS
CVE
CVE
added 2006/06/15 10:0 a.m.48 views

CVE-2006-3031

CVE-2006-3031 concerns multiple cross-site scripting (XSS) vulnerabilities in the web application component index.asp of fipsCMS 4.5 and earlier . The issue allows remote attackers to inject arbitrary web script or HTML via the parameters w , phcat , dayid , and calw . The description notes XSS i...

4.3CVSS6AI score0.01158EPSS
CVE
CVE
added 2007/05/09 6:0 p.m.44 views

CVE-2007-2561

CVE-2007-2561 describes an SQL injection vulnerability in the fipsCMS web app. The flaw is in the file index.asp of fipsCMS 2.1, where the parameter pid can be manipulated by an attacker to execute arbitrary SQL commands on the backend database. This is noted as a different vector from CVE-2006-6...

7.5CVSS8.2AI score0.01009EPSS
CVE
CVE
added 2008/08/20 4:0 p.m.42 views

CVE-2008-3722

The CVE-2008-3722 entry documents a SQL injection vulnerability in fipsCMS 2.1, specifically in forum/neu.asp where the kat parameter can be used to inject arbitrary SQL. The issue originates from improper handling of user input and allows remote attackers to execute commands against the database...

7.5CVSS8.1AI score0.00961EPSS
Web
CVE
CVE
added 2008/05/09 6:0 p.m.40 views

CVE-2008-2124

CVE-2008-2124 describes an SQL injection in modules/print.asp of fipsASP fipsCMS, exploitable via the lg parameter. The underlying flaw is improper handling of user input that enables arbitrary SQL execution. The CVSS v2 vector indicates a NETWORK attack vector, LOW complexity, no authentication,...

7.5CVSS8.4AI score0.00973EPSS
Web