7 matches found
CVE-2008-3770
Summary: CVE-2008-3770 and related entries describe directory traversal in Freeway. The connected records confirm that vulnerable components include Freeway before 1.4.2.197 (and for CVE-2008-3770, Freeway 1.4.1.171) and involve includes/languages and templates where a crafted language parameter ...
CVE-2008-3677
Summary: CVE-2008-3677 is a directory traversal vulnerability in Freeway prior to 1.4.2.197, affecting the includes/events_application_top.php file. The flaw allows remote attackers to include and execute arbitrary local files via unspecified vectors. The availab...
CVE-2008-6013
The vulnerability CVE-2008-6013 affects Freeway before version 1.4.3.210. It describes multiple SQL injection vulnerabilities that could allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the advanced search result and service resource pages. The only remed...
CVE-2008-3769
CVE-2008-3769 describes a PHP remote file inclusion vulnerability in Freeway 1.4.1.171, specifically in admin/create_order_new.php. When register_globals is enabled, an attacker can supply a URL in the include_page parameter to cause the application to include remote PHP code, enabling arbitrary ...
CVE-2008-3841
Technical details about CVE-2008-3841 are not publicly available in the provided connected documents. The initial description notes an XSS in Freeway eCommerce 1.4.1.171, but no vendor/versions/impact/fix are elaborated here. Monitor for updates.
CVE-2011-3739
Freeway 1.5 Alpha is affected by an information-disclosure vulnerability where remote attackers can obtain the installation path by directly requesting certain PHP files (e.g., templates/Freeway/boxes/last_product.php). The issue stems from error messages revealing filesystem paths. Affected comp...
CVE-2010-2925
CVE-2010-2925 affects Freeway CMS 1.4.3.210, where a SQL injection in index.php via the ecPath parameter allows remote attackers to execute arbitrary SQL commands. This is documented across multiple sources (NVD entry and related records). The available materials describe the vulnerability and af...