CVE-2008-0451 – PacerCMS 0.6 - 'id' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-0451
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
• https://www.exploit-db.com/exploits/31048
• http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue
• http://securityreason.com/securityalert/3574
• http://www.securityfocus.com/archive/1/486796/100/0/threaded
• http://www.securityfocus.com/bid/27397
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39833
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0426
https://notcve.org/view.php?id=CVE-2008-0426
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message.
• http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue
• http://secunia.com/advisories/28605
• http://www.securityfocus.com/archive/1/486796/100/0/threaded
• http://www.securityfocus.com/bid/27386
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39832
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5056 – CMS Made Simple 1.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-5056
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
• https://www.exploit-db.com/exploits/4442
• https://www.exploit-db.com/exploits/5091
• https://www.exploit-db.com/exploits/5090
• https://www.exploit-db.com/exploits/5098
• https://www.exploit-db.com/exploits/5097
• http://osvdb.org/40596
• http://osvdb.org/41422
• http://osvdb.org/41426
• http://osvdb.org/41427
• http://osvdb.org/41428
• http://secunia.com/advisories/26928
• http://secunia.com/advisories/28859
• http://secunia.com/advisories/28873
• http://secunia.com/
• CWE-94: Improper Control of Generation of Code ('Code Injection')