2 matches found
CVE-2006-2519
Summary of CVE-2006-2519 (phpwcms/spaw_root RFI) Affected product: phpwcms 1.2.5-DEV (SPA W Editor PHP Edition note indicates the underlying issue may be in SPAW Editor PHP Edition). Vulnerability: Directory traversal allows remote attackers to include arbitrary local files via .. sequences in th...
CVE-2006-2518
CVE-2006-2518 affects phpWCMS 1.2.5-DEV where a crafted value in the BL[be_cnt_plainhtml] parameter is echoed into include/inc_tmpl/content/cnt6.inc.php, enabling cross-site scripting. The vulnerability originates from improper handling of user-supplied input in that parameter, leading to arbitra...