
CVE-2009-3597 – Digitaldesign CMS 0.1 - Remote Database Disclosure
https://notcve.org/view.php?id=CVE-2009-3597
08 Oct 2009 — Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd. • https://www.exploit-db.com/exploits/9115 • CWE-552: Files or Directories Accessible to External Parties

CVE-2009-1480 – Pragyan CMS 2.6.4 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2009-1480
29 Apr 2009 — SQL injection vulnerability in index.php in Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. • https://www.exploit-db.com/exploits/8533 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-0141 – WebPortal CMS 0.6-beta - Remote Password Change
https://notcve.org/view.php?id=CVE-2008-0141
08 Jan 2008 — actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. • https://www.exploit-db.com/exploits/4835 • CWE-330: Use of Insufficiently Random Values

CVE-2007-5156 – Lanius CMS 1.2.16 - 'FCKeditor' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-5156
01 Oct 2007 — Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. • https://www.exploit-db.com/exploits/5618