NotCVE - vendor:"Little Cms" product:"Little Cms"

2 results (0.001 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2008-5628 – CMS little 0.0.1 - 'term' SQL Injection

https://notcve.org/view.php?id=CVE-2008-5628

SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter. Vulnerabilidad de inyección SQL en el archivo index.php en CMS little 0.0.1 permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través del parámetro term. • https://www.exploit-db.com/exploits/7269 http://securityreason.com/securityalert/4781 http://www.securityfocus.com/bid/32523 https://exchange.xforce.ibmcloud.com/vulnerabilities/46931 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

CVE-2008-3036 – CMS little 0.0.1 - 'template' Local File Inclusion

https://notcve.org/view.php?id=CVE-2008-3036

Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter. Vulnerabilidad de salto de directorio en index.php de CMS little 0.0.1 permite a atacantes remotos incluir y ejecutar ficheros locales, y posiblemente ficheros remotos, a través de .. (punto punto) en el parámetro template. • https://www.exploit-db.com/exploits/5992 http://www.securityfocus.com/bid/30061 https://exchange.xforce.ibmcloud.com/vulnerabilities/43539 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •