3 matches found
CVE-2009-3219
CVE-2009-3219 affects AR Web Content Manager (AWCM) 2.1. The vulnerability is a directory traversal in a.php where, if magic_quotes_gpc is disabled, an attacker can cause the application to include and execute arbitrary local files by supplying a .. in the a parameter. Impact per the NVD indicate...
CVE-2010-1066
AWCM 2.1 stores sensitive data under the web root with insufficient access control, enabling remote attackers to download the database via a direct request to control/db_backup.php. Impact is database disclosure; no exploit details are provided in the connected documents. Remediation not specifie...
CVE-2009-3218
Summary: CVE-2009-3218 describes an SQL injection in AR Web Content Manager (AWCM) 2.1, exploitable when magic_quotes_gpc is disabled, via the username parameter in control/login.php. Affected software: AR Web Content Manager (AWCM) 2.1. The vulnerability originates from improper handling of user...