2 results (0.009 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter. Vulnerabilidad de inyección SQL en el archivo index.php en CMS little 0.0.1 permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través del parámetro term. • https://www.exploit-db.com/exploits/7269 http://securityreason.com/securityalert/4781 http://www.securityfocus.com/bid/32523 https://exchange.xforce.ibmcloud.com/vulnerabilities/46931 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter. Vulnerabilidad de salto de directorio en index.php de CMS little 0.0.1 permite a atacantes remotos incluir y ejecutar ficheros locales, y posiblemente ficheros remotos, a través de .. (punto punto) en el parámetro template. • https://www.exploit-db.com/exploits/5992 http://www.securityfocus.com/bid/30061 https://exchange.xforce.ibmcloud.com/vulnerabilities/43539 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •