Freeway Security Vulnerabilities and Issues — Freeway CVE List

Lucene search

OpenfreewayFreeway

4 matches found

CVE•added 2008/08/22 4:41 p.m.•42 views

CVE-2008-3770

Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/accou...

6.8CVSS7.1AI score0.0487EPSS

CVE•added 2008/08/22 4:41 p.m.•37 views

CVE-2008-3769

PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.

6.8CVSS7.5AI score0.00667EPSS

CVE•added 2008/08/27 8:41 p.m.•35 views

CVE-2008-3841

Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter.

4.3CVSS6.7AI score0.00256EPSS

CVE•added 2008/08/14 7:41 p.m.•33 views

CVE-2008-3677

Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.

6.8CVSS7.1AI score0.00161EPSS