3 matches found
CVE-2006-5055
CVE-2006-5055 describes a PHP remote file inclusion in syntaxCMS 1.1.1 to 1.3, exploitable via a URL in the init_path parameter of admin/testing/tests/0004_init_urls.php. The underlying issue is how user-supplied URLs are included, allowing remote attackers to execute arbitrary...
CVE-2006-5105
SyntaxCMS versions 1.1.1–1.3 are vulnerable to PHP remote file inclusion via unvalidated input in admin/testing/tests/0030_init_syntax.php (init_path) and in admin/testing/index.php (unspecified parameter); the 0004_init_urls.php vector is already covered by CVE-2006-5055. This allows remote atta...
CVE-2005-4496
CVE-2005-4496 is an XSS vulnerability in SyntaxCMS 1.2.1 and earlier, exploitable via the search_query parameter to inject arbitrary script or HTML. Affected: SyntaxCMS 1.2.1 and earlier. Impact: remote execution of attacker-provided script or HTML; details on exploit vec...