RSS   Vulnerabilities for 'Ezportal ztml cms'   RSS

2006-08-31
 
CVE-2006-4502

CWE-Other
 

 
ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script.

 
 
CVE-2006-4501

CWE-Other
 

 
SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters.

 
 
CVE-2006-4500

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters.

 


Copyright 2019, cxsecurity.com

 

Back to Top