RSS   Vulnerabilities for 'Artiphp cms'   RSS

2012-05-21
 
CVE-2012-2906

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.

 
 
CVE-2012-2905

CWE-264
 

 
Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

 


Copyright 2017, cxsecurity.com