Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2)...
7.4AI Score
0.007EPSS
HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by...
6.3AI Score
0.003EPSS
9.8CVSS
9.4AI Score
0.052EPSS
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4)...
8.7AI Score
0.006EPSS