Produkt Asp-cms (...) - CVEMAP.ORG

Podatności dla 'Asp-cms'

2009-03-02

CVE-2008-6353

CWE-89

SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter.

2007-10-06

CVE-2007-5260

CWE-264

ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb.

Copyright 2024, cxsecurity.com