Campware.Org Campsite vulnerabilities
8 known vulnerabilities affecting campware.org/campsite.
Total CVEs
8
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2006-5911P3HIGHCVSS 7.5PoCv2.6.0v2.6.12006-11-15
CVE-2006-5911 [HIGH] CVE-2006-5911: Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote at
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) Arti
nvd
CVE-2009-2183P3HIGHCVSS 7.5PoCv3.3.02009-06-23
CVE-2009-2183 [HIGH] CWE-22 CVE-2009-2183: Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attacker
Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter.
nvd
CVE-2006-5910P3HIGHCVSS 7.5PoCv2.6.0v2.6.12006-11-15
CVE-2006-5910 [HIGH] CVE-2006-5910: Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/.
nvd
CVE-2009-2182P3MEDIUMCVSS 6.8PoCv3.3.02009-06-23
CVE-2009-2182 [MEDIUM] CWE-94 CVE-2009-2182: Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to e
Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) inclu
nvd
CVE-2010-1867P3HIGHCVSS 7.5≤ 3.3.5v2.2.2+21 more2010-05-07
CVE-2010-1867 [HIGH] CWE-89 CVE-2010-1867: SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javasc
SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
nvd
CVE-2009-2181P4MEDIUMCVSS 4.3PoCv3.3.02009-06-23
CVE-2009-2181 [MEDIUM] CWE-79 CVE-2009-2181: Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1
Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.
nvd
CVE-2006-5912P4CRITICALCVSS 10.0v2.6.0v2.6.12006-11-15
CVE-2006-5912 [CRITICAL] CVE-2006-5912: Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, r
Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.
nvd
CVE-2005-4661P4MEDIUMCVSS 5.0v2.2.22005-12-31
CVE-2005-4661 [MEDIUM] CVE-2005-4661: The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain une
The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.
nvd