Lucene search
K

4 matches found

CVE
CVE
added 2012/11/17 9:0 p.m.55 views

CVE-2012-5892

The CVE-2012-5892 entry pertains to Havalite CMS 1.1.0 and earlier, where improper access control allows remote attackers to download the configuration database (data/havalite.db3) from the web root. The root cause is insecure storage of sensitive data under the web root, enabling direct requests...

5CVSS6.5AI score0.0148EPSS
Web
CVE
CVE
added 2012/11/17 9:0 p.m.45 views

CVE-2012-5894

Summary: CVE-2012-5894 describes a SQL injection in Havalite CMS up to version 1.1.0, via the postId parameter in hava_post.php, enabling remote arbitrary SQL execution. The connected documents consistently identify the affected software as Havalite CMS 1.1.0 and earlier and attribute the issue t...

7.5CVSS8.7AI score0.01119EPSS
Web
CVE
CVE
added 2012/11/17 9:0 p.m.43 views

CVE-2012-5893

The CVE-2012-5893 entry concerns Havalite CMS (versions up to 1.1.0). A vulnerability in hava_upload.php allows unrestricted file upload, where an attacker can upload a file with a .php;.gif extension and then access it directly under tmp/files/ to execute arbitrary code on the server. This const...

6.8CVSS7.9AI score0.02846EPSS
Web
CVE
CVE
added 2012/11/19 11:0 a.m.42 views

CVE-2012-5919

CVE-2012-5919 affects Havalite CMS up to version 1.0.4 (and earlier). The issue comprises multiple XSS vulnerabilities in code paths including havalite/findReplace.php (find/replace fields), havalite/hava_login.php (username), Edit Article module, and hava_post.php (postAuthor module; postId), as...

4.3CVSS5.9AI score0.01822EPSS
Web