2 matches found
CVE-2007-2099
CVE-2007-2099 affects OpenConcept Back-End CMS 0.4.7. The vulnerability is a cross-site scripting (XSS) in htdocs/php.php via the page[] parameter, allowing remote attackers to inject arbitrary script/HTML. The CVSSv2 vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) yields a base score of 6.8 (MEDIUM) with ne...
CVE-2007-2097
OpenConcept Back-End CMS 0.4.7 is affected by CVE-2007-2097, a set of PHP remote file inclusion vulnerabilities. The flaw allows an attacker to execute arbitrary PHP code by providing a URL in the includes_path parameter to multiple PHP files in htdocs/site-admin/ (and related files in htdocs/). ...