2 matches found
CVE-2009-2223
LightOpenCMS 0.1 pre-alpha is affected by a local file inclusion (LFI) in smarty.php, exploitable via a directory traversal in the cwd parameter. An attacker can potentially include and execute arbitrary local files in the webserver context. Public references in connected documents confirm LightO...
CVE-2009-1766
CVE-2009-1766 affects LightOpenCMS 0.1, where a SQL injection in index.php allows remote attackers to execute arbitrary SQL commands via the id parameter. The vulnerability arises in the input handling of id, enabling manipulation of the underlying database query. Public references include exploi...