CVSS: 7.5EPSS: 30%CPEs: 4EXPL: 5CVE-2007-5156 – Lanius CMS 1.2.16 - 'FCKeditor' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-5156
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. Una vulnerabilidad de lista negra incompleta en el archivo editor/filemanager/upload/php/upload.php en FCKeditor, tal y como es usado en SiteX CMS versiones 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, y probablemente otros productos, permite a atacantes remotos cargar y ejecutar código PHP arbitrario por medio de un archivo cuyo nombre contiene ".php." y que presenta una extensión desconocida, la cual es reconocida como un archivo .php por el servidor HTTP de Apache, una vulnerabilidad diferente de CVE-2006-0658 y CVE-2006-2529. • https://www.exploit-db.com/exploits/5618 https://www.exploit-db.com/exploits/5688 http://dev.fckeditor.net/changeset/973 http://dev.fckeditor.net/ticket/1325 http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php http://secunia.com/advisories/27123 http://secunia.com/advisories/27174 http://securityreason.com/securityalert/3182 http://sourceforge.net/forum/forum.php?forum_id=743930 http://sourceforge.net/project/shownotes.php?release_id=546000 http://www.securityfocus.c •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 4CVE-2007-4210 – Lanius CMS 1.2.14 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2007-4210
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules. Múltiples vulnerabilidades de inyección SQL en module.php de LANAI (la-nai) CMS 1.2.14 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) mid en una acción faqviewgroup en los Módulos FAQ (preguntas frecuentes), el parámetro (2) cid en Módulos EZSHOPINGCART, o el parámetro (3) gid en una acción view en los Módulos GALLERY. • https://www.exploit-db.com/exploits/4258 https://www.exploit-db.com/exploits/30449 https://www.exploit-db.com/exploits/30448 https://www.exploit-db.com/exploits/30450 http://osvdb.org/36438 http://osvdb.org/37470 http://osvdb.org/37471 http://secunia.com/advisories/26339 http://securityreason.com/securityalert/2975 http://www.securityfocus.com/archive/1/475447 http://www.securityfocus.com/bid/25193 https://exchange.xforce.ibmcloud.com/vulnerabilities/35786 •