Lucene search
K

4 matches found

CVE
CVE
added 2012/11/17 9:0 p.m.55 views

CVE-2012-5892

The CVE-2012-5892 entry pertains to Havalite CMS 1.1.0 and earlier, where improper access control allows remote attackers to download the configuration database (data/havalite.db3) from the web root. The root cause is insecure storage of sensitive data under the web root, enabling direct requests...

5CVSS6.5AI score0.0148EPSS
CVE
CVE
added 2012/11/17 9:0 p.m.45 views

CVE-2012-5894

Summary: CVE-2012-5894 describes a SQL injection in Havalite CMS up to version 1.1.0, via the postId parameter in hava_post.php, enabling remote arbitrary SQL execution. The connected documents consistently identify the affected software as Havalite CMS 1.1.0 and earlier and attribute the issue t...

7.5CVSS8.7AI score0.01119EPSS
CVE
CVE
added 2012/11/17 9:0 p.m.43 views

CVE-2012-5893

The CVE-2012-5893 entry concerns Havalite CMS (versions up to 1.1.0). A vulnerability in hava_upload.php allows unrestricted file upload, where an attacker can upload a file with a .php;.gif extension and then access it directly under tmp/files/ to execute arbitrary code on the server. This const...

6.8CVSS7.9AI score0.02846EPSS
CVE
CVE
added 2012/11/19 11:0 a.m.42 views

CVE-2012-5919

CVE-2012-5919 affects Havalite CMS up to version 1.0.4 (and earlier). The issue comprises multiple XSS vulnerabilities in code paths including havalite/findReplace.php (find/replace fields), havalite/hava_login.php (username), Edit Article module, and hava_post.php (postAuthor module; postId), as...

4.3CVSS5.9AI score0.01822EPSS