RSS   Vulnerabilities for 'Enano cms'   RSS

2011-04-07
 
CVE-2010-4781

CWE-200
 

 
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.

 
 
CVE-2010-4780

CWE-89
 

 
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.

 

 >>> Vendor: Enanocms 2 Products
Enanocms
Enano cms


Copyright 2024, cxsecurity.com

 

Back to Top