3 matches found
CVE-2008-7208
CVE-2008-7208 affects OneCMS 2.4 (and possibly earlier). The issue comprises multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the parameter (1) username (variable $usernameb) to a_login.php or (2) user parameter to staff.php. The described r...
CVE-2007-5016
The CVE-2007-5016 entry describes a SQL injection in OneCMS 2.4, specifically in userreviews.php, exploitable via the abc parameter to allow remote SQL execution. The affected component is the userreviews.php path in OneCMS 2.4; root cause is improper handling of the abc parameter leading to SQL ...
CVE-2008-7209
CVE-2008-7209 describes an unrestricted file upload vulnerability in OneCMS 2.4 (a_upload.php, add2 action). The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a safe content type (e.g., image/gif), then accessing it via a direct reque...