RSS   Vulnerabilities for 'Ixprim cms'   RSS

2006-12-26
 
CVE-2006-6756

CWE-Other
 

 
The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.

 
 
CVE-2006-6755

CWE-Other
 

 
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.

 
 
CVE-2006-6754

CWE-Other
 

 
Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top