CVE-2006-3135

CVE-2006-3135 affects CMS Mundo 1.0 build 008 (and possibly other versions). The vulnerability is a set of multiple SQL injection flaws that enable remote attackers to run arbitrary SQL commands via (1) news_id in the news module, (2) searchstring in the search module, (3) id in the webshop modul...

CVE-2006-2931

CMS Mundo prior to 1.0 build 008 is affected by CVE-2006-2931 due to an input validation error in the image upload handling that allows remote attackers to upload PHP scripts and then access them directly to execute arbitrary code. The vulnerability resides in the image gallery upload path, enabl...

CVE-2006-2684

CVE-2006-2684 : An XSS vulnerability in the search module of CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. The root cause is not fully described beyond “XSS in search.” Impact details are limited in the provided documents; CVSS metric...

CVE-2006-2911

The CVE concerns CMS Mundo prior to 1.0 build 008, where SQL injection in controlpanel/index.php via the login username parameter allows remote attackers to execute arbitrary SQL commands. This vulnerability affects the username handling in the login flow, enabling potential data disclosure/manip...