CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 3CVE-2008-6617 – SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-6617
Unrestricted file upload vulnerability in adm/visual/upload.php in SiteXS CMS 0.1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. Vulnerabilidad de actualización de archivo en adm/visual/upload.php en SiteXS CMS v0.1.1 permite a atacantes remotos ejecutar código de su elección mediante la subida de un fichero con una extensión ejecutable, entonces accede a él a través de una petición directa al fichero en images/. • https://www.exploit-db.com/exploits/31729 http://www.securityfocus.com/archive/1/491578/100/0/threaded http://www.securityfocus.com/bid/29029 https://exchange.xforce.ibmcloud.com/vulnerabilities/42250 https://www.exploit-db.com/exploits/5726 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0371 – SiteXS CMS 0.1.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-0371
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter. Vulnerabilidad de salto de directorio en post.php en SiteXS CMS v0.1.1 y anteriores permite a atacantes remotos incluir y ejecutar ficheros de su elección mediante un .. (punto punto) en el parámetro type. • https://www.exploit-db.com/exploits/7879 http://www.securityfocus.com/bid/33457 http://www.vupen.com/english/advisories/2009/0247 https://exchange.xforce.ibmcloud.com/vulnerabilities/48236 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •