CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 3

AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.

References:
• https://www.exploit-db.com/exploits/11025
• http://packetstormsecurity.org/1001-exploits/awcm-backup.txt
• http://secunia.com/advisories/38065
• http://www.exploit-db.com/exploits/11025
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55445

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

References:
• https://www.exploit-db.com/exploits/9237
• http://osvdb.org/56338
• http://secunia.com/advisories/35955
• http://www.exploit-db.com/exploits/9237
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51980

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter.

References:
• https://www.exploit-db.com/exploits/9237
• http://osvdb.org/56336
• http://secunia.com/advisories/35955
• http://www.exploit-db.com/exploits/9237
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51979

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')