Jaf Cms Security Vulnerabilities and Issues — Jaf Cms CVE List

Lucene search

Salims SofthouseJaf Cms

9 matches found

CVE•added 2005/02/19 5:0 a.m.•42 views

CVE-2004-1505

Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter.

7.5CVSS7.6AI score0.01288EPSS

CVE•added 2006/10/03 4:3 a.m.•42 views

CVE-2006-5131

module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "", possibly due to a static code injection vulnerability involving admin/data_inc.php.

7.5CVSS8.3AI score0.01922EPSS

CVE•added 2007/11/27 7:46 p.m.•41 views

CVE-2007-6142

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknow...

4.3CVSS5.7AI score0.00296EPSS

CVE•added 2005/02/19 5:0 a.m.•39 views

CVE-2004-1504

The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php.

5CVSS6.9AI score0.00462EPSS

CVE•added 2005/06/28 4:0 a.m.•37 views

CVE-2005-2053

Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup su...

5CVSS6.6AI score0.00312EPSS

CVE•added 2006/10/03 4:3 a.m.•34 views

CVE-2006-5129

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message b...

6.8CVSS6.1AI score0.00971EPSS

CVE•added 2007/03/06 1:19 a.m.•34 views

CVE-2006-7128

PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.

7.5CVSS7.9AI score0.04158EPSS

CVE•added 2006/10/03 4:3 a.m.•33 views

CVE-2006-5130

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown;...

6.8CVSS5.9AI score0.00834EPSS

CVE•added 2007/03/06 1:19 a.m.•33 views

CVE-2006-7127

Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.

6.8CVSS7.6AI score0.0795EPSS