2 matches found
CVE-2006-2931
CMS Mundo prior to 1.0 build 008 is affected by CVE-2006-2931 due to an input validation error in the image upload handling that allows remote attackers to upload PHP scripts and then access them directly to execute arbitrary code. The vulnerability resides in the image gallery upload path, enabl...
CVE-2006-2911
The CVE concerns CMS Mundo prior to 1.0 build 008, where SQL injection in controlpanel/index.php via the login username parameter allows remote attackers to execute arbitrary SQL commands. This vulnerability affects the username handling in the login flow, enabling potential data disclosure/manip...