CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1513 – Danneo CMS 0.5.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-1513
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. Vulnerabilidad de Inyección SQL en index.php de Danneo CMS 0.5.1 y versiones anteriores, cuando la opción Referers statistics está activada, permite a atacantes remotos ejecutar comandos SQL de su elección mediante la cabecera HTTP Referer. • https://www.exploit-db.com/exploits/5239 https://exchange.xforce.ibmcloud.com/vulnerabilities/41153 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 2CVE-2006-1371 – XHP CMS 0.5 - 'upload' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php. • https://www.exploit-db.com/exploits/1605 http://secunia.com/advisories/19353 http://www.attrition.org/pipermail/vim/2006-March/000649.html http://www.osvdb.org/24058 http://www.osvdb.org/24059 http://www.securityfocus.com/bid/17209 http://www.vupen.com/english/advisories/2006/1052 http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10 https://exchange.xforce.ibmcloud.com/vulnerabilities/25399 • CWE-94: Improper Control of Generation of Code ('Code Injection') •