CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2006-7080 – exV2 < 2.0.4.3 - 'extract()' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-7080
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. Vulnerabilidad de escalado de directorio en la funcionalidad promocionar avatar en exV2 2.0.4.3 y versiones anteriores permite a atacantes remotos borrar ficheros de su elección mediante secuencias ".." en el parámetro old_avatar. • https://www.exploit-db.com/exploits/2415 http://www.securityfocus.com/bid/20161 https://exchange.xforce.ibmcloud.com/vulnerabilities/29130 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2006-5030 – exV2 < 2.0.4.3 - 'sort' SQL Injection
https://notcve.org/view.php?id=CVE-2006-5030
SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. Vulnerabilidad de inyección SQL en modules/messages/index.php en exV2 2.0.4.3 y anteriores permite a un usuario remoto validado ejecutar comandos SQL de su elección a través del parámetro sort. • https://www.exploit-db.com/exploits/2406 http://secunia.com/advisories/22045 http://www.securityfocus.com/bid/20143 https://exchange.xforce.ibmcloud.com/vulnerabilities/29079 •