cbcvebase.

Bluevirus-Design Sma-Db vulnerabilities

4 known vulnerabilities affecting bluevirus-design/sma-db.

Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2007-0797P3HIGHCVSS 7.5PoCv0.3.92007-02-06
CVE-2007-0797 [HIGH] CVE-2007-0797: PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and e PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.
nvd
CVE-2009-1450P3HIGHCVSS 7.5PoCv0.3.122009-04-28
CVE-2009-1450 [HIGH] CWE-94 CVE-2009-1450: PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to ex PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter.
nvd
CVE-2009-1452P3HIGHCVSS 7.5PoCv0.3.132009-04-28
CVE-2009-1452 [HIGH] CVE-2009-1452: Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450.
nvd
CVE-2009-1451P4MEDIUMCVSS 4.3PoCv0.3.122009-04-28
CVE-2009-1451 [MEDIUM] CWE-79 CVE-2009-1451: Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers t Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
nvd