Lucene search
K
InsanevisionsOnecms

4 matches found

CVE
CVE
added 2011/10/07 10:0 a.m.52 views

CVE-2010-4877

CVE-2010-4877 corresponds to a cross-site scripting (XSS) vulnerability in OneCMS 2.6.1, exploitable via the index.php view parameter. The issue arises because user-supplied data is not sufficiently sanitized, allowing an attacker to inject arbitrary script/HTML that could run in victims’ browser...

4.3CVSS5.8AI score0.01504EPSS
CVE
CVE
added 2009/04/07 10:0 a.m.51 views

CVE-2008-6652

The vulnerability CVE-2008-6652 affects OneCMS 2.5, specifically in asd.php where the sitename parameter enables SQL injection. This could allow remote attackers to execute arbitrary SQL commands. The provided documents do not include a remediation or patch details.

7.5CVSS8.7AI score0.00967EPSS
CVE
CVE
added 2010/03/09 8:0 p.m.47 views

CVE-2010-0952

CVE-2010-0952 is a SQL injection vulnerability in OneCMS 2.5, triggered when magic_quotes_gpc is disabled. The flaw resides in index.php and allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. The CVSS base score is 6.8 (Medium) with Network attack...

6.8CVSS8.7AI score0.0095EPSS
CVE
CVE
added 2008/05/28 3:0 p.m.42 views

CVE-2008-2482

CVE-2008-2482 affects OneCMS 2.5 from insanevisions via a directory traversal in install_mod.php. The load parameter in the go action can be manipulated with .. to include and execute arbitrary local files. The NVD entry lists a CVSSv2 base score of 7.5 (HIGH) with network access, low attack comp...

7.5CVSS7.1AI score0.02843EPSS