4 matches found
CVE-2012-5892
The CVE-2012-5892 entry pertains to Havalite CMS 1.1.0 and earlier, where improper access control allows remote attackers to download the configuration database (data/havalite.db3) from the web root. The root cause is insecure storage of sensitive data under the web root, enabling direct requests...
CVE-2012-5894
Summary: CVE-2012-5894 describes a SQL injection in Havalite CMS up to version 1.1.0, via the postId parameter in hava_post.php, enabling remote arbitrary SQL execution. The connected documents consistently identify the affected software as Havalite CMS 1.1.0 and earlier and attribute the issue t...
CVE-2012-5893
The CVE-2012-5893 entry concerns Havalite CMS (versions up to 1.1.0). A vulnerability in hava_upload.php allows unrestricted file upload, where an attacker can upload a file with a .php;.gif extension and then access it directly under tmp/files/ to execute arbitrary code on the server. This const...
CVE-2012-5919
CVE-2012-5919 affects Havalite CMS up to version 1.0.4 (and earlier). The issue comprises multiple XSS vulnerabilities in code paths including havalite/findReplace.php (find/replace fields), havalite/hava_login.php (username), Edit Article module, and hava_post.php (postAuthor module; postId), as...