CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2CVE-2009-1659 – eLitius 1.0 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2009-1659
17 May 2009 — Unrestricted file upload vulnerability in admin/uploadimage.php in eLitius 1.0 allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files via an avatar file with an accepted Content-Type such as image/gif, then requesting the file in admin/banners/. Vulnerabilidad de carga de archivos sin restricciones en admin/uploadimage.php en eLitius v1.0 permite a atacantes remotos saltarse las restricciones de acceso puestas y subir y ejecutar ficheros de su elección a través... • https://www.exploit-db.com/exploits/8603 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-1506 – eLitius 1.0 - 'banner-details.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-1506
01 May 2009 — SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php. Vulnerabilidad de inyección de SQL en las classes/Xp.php en eLitius v1.0 permite a atacantes remotos ejecutar comandos SQL a su elección a través del parámetro id a banner-details.php. • https://www.exploit-db.com/exploits/8563 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •