Vulnerabilities for 'Diskos cms'

2010-04-22
 
CVE-2009-4799

CWE-264
 

 
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.

 
 
CVE-2009-4798

CWE-89
 

 
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.

 


Copyright 2024, cxsecurity.com

 
