CVSS: 9.8EPSS: 50%CPEs: 4EXPL: 5CVE-2007-5156 – Lanius CMS 1.2.16 - 'FCKeditor' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-5156
01 Oct 2007 — Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. Una vulnerabilidad de lista negra incompleta en el archivo ... • https://www.exploit-db.com/exploits/5618 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 4CVE-2007-4210 – Lanius CMS 1.2.14 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2007-4210
08 Aug 2007 — Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules. Múltiples vulnerabilidades de inyección SQL en module.php de LANAI (la-nai) CMS 1.2.14 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) mid ... • https://www.exploit-db.com/exploits/4258 •