CVE-2024-44871
https://notcve.org/view.php?id=CVE-2024-44871
10 Sep 2024 — An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/moziloDasEinsteigerCMS/mozilo3.0 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-44872
https://notcve.org/view.php?id=CVE-2024-44872
10 Sep 2024 — A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. • https://github.com/moziloDasEinsteigerCMS/mozilo3.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-29368
https://notcve.org/view.php?id=CVE-2024-29368
22 Apr 2024 — An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content. An issue discovered in moziloCMS v2.0 allows attackers to bypass file upload restrictions and execute arbitrary code by changing the file extension after upload via a crafted POST request. • https://github.com/becpn/mozilocms • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-23357
https://notcve.org/view.php?id=CVE-2022-23357
03 Feb 2022 — mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. • https://github.com/truonghuuphuc/CVE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-25394
https://notcve.org/view.php?id=CVE-2020-25394
09 Jul 2021 — A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. • https://github.com/mozilo/mozilo2.0/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4209 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4209
04 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367. • https://www.exploit-db.com/exploits/8394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-1367 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1367
22 Apr 2009 — Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a. • https://www.exploit-db.com/exploits/8394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-1368 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1368
22 Apr 2009 — Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3. • https://www.exploit-db.com/exploits/8394 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-1369 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1369
22 Apr 2009 — moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message. • https://www.exploit-db.com/exploits/8394 • CWE-20: Improper Input Validation •
CVE-2008-6127
https://notcve.org/view.php?id=CVE-2008-6127
13 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php. • http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •