RSS   Vulnerabilities for 'Onecms'   RSS

2011-10-07
 
CVE-2010-4877

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

 
2010-03-10
 
CVE-2010-0952

CWE-89
 

 
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.

 
2009-04-07
 
CVE-2008-6652

 

 
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.

 
2008-05-28
 
CVE-2008-2482

CWE-22
 

 
Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action.

 

 >>> Vendor: Insanevisions 4 Products
Onecms
Adaptbb
Adapcms
Adaptcms


Copyright 2021, cxsecurity.com

 

Back to Top