3 matches found
CVE-2014-4851
CVE-2014-4851 describes an open redirect in the FoeCMS component msg.php, where an attacker can use the r parameter to redirect victims to arbitrary sites, enabling phishing-like scenarios. The description and related records consistently refer to this vulnerability as an open redirect in FoeCMS ...
CVE-2014-4850
CVE-2014-4850 is a SQL injection vulnerability in the FoeCMS file index.php, exploitable via the i parameter to execute arbitrary SQL commands. Multiple connected sources (NVD, Red Hat advisory, CVE lists) confirm the affected component as FoeCMS and the root cause as unsafely interpolated SQL, e...
CVE-2014-4849
CVE-2014-4849 describes multiple cross-site scripting (XSS) weaknesses in the FoeCMS component, specifically in the file/msg handler msg.php , exploitable via the input parameters (1) e and (2) r. The issue allows remote attackers to inject arbitrary web script or HTML. The NVD metrics list a bas...