RSS   Vulnerabilities for 'Samepage'   RSS

2015-02-24
 
CVE-2015-2071

 

 
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.

 
 
CVE-2015-2070

 

 
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.

 


Copyright 2024, cxsecurity.com

 

Back to Top