Vulnerabilities for Justvisual (...) - CXSECURITY.COM

Vulnerabilities for 'Justvisual'

2010-04-06

CVE-2010-1268

CWE-22

Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.

2009-10-01

CVE-2009-3511

Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php.

Copyright 2024, cxsecurity.com