Cms.Tut.Su Cms Chainuk vulnerabilities
4 known vulnerabilities affecting cms.tut.su/cms_chainuk.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2009-2333P3HIGHCVSS 7.5PoC≤ 1.22009-07-05
CVE-2009-2333 [HIGH] CWE-22 CVE-2009-2333: Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers t
Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/admin_menu.php, and the id parameter to (2) index.php and (3) admin/admin_edit.php; and (4) delete arbitrary local files via a .. (dot dot) in the id paramete
nvd
CVE-2009-2331P3HIGHCVSS 7.5PoC≤ 1.22009-07-05
CVE-2009-2331 [HIGH] CWE-94 CVE-2009-2331: Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php.
nvd
CVE-2009-2332P4MEDIUMCVSS 5.0PoC≤ 1.22009-07-05
CVE-2009-2332 [MEDIUM] CWE-200 CVE-2009-2332: CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafte
CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.
nvd
CVE-2009-2330P4MEDIUMCVSS 4.3PoC≤ 1.22009-07-05
CVE-2009-2330 [MEDIUM] CWE-79 CVE-2009-2330: Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allo
Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
nvd