4 matches found
CVE-2010-4877
CVE-2010-4877 corresponds to a cross-site scripting (XSS) vulnerability in OneCMS 2.6.1, exploitable via the index.php view parameter. The issue arises because user-supplied data is not sufficiently sanitized, allowing an attacker to inject arbitrary script/HTML that could run in victims’ browser...
CVE-2008-6652
The vulnerability CVE-2008-6652 affects OneCMS 2.5, specifically in asd.php where the sitename parameter enables SQL injection. This could allow remote attackers to execute arbitrary SQL commands. The provided documents do not include a remediation or patch details.
CVE-2010-0952
CVE-2010-0952 is a SQL injection vulnerability in OneCMS 2.5, triggered when magic_quotes_gpc is disabled. The flaw resides in index.php and allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. The CVSS base score is 6.8 (Medium) with Network attack...
CVE-2008-2482
CVE-2008-2482 affects OneCMS 2.5 from insanevisions via a directory traversal in install_mod.php. The load parameter in the go action can be manipulated with .. to include and execute arbitrary local files. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) with network access, low attack comp...