Exv2 Content Management System vulnerabilities
6 known vulnerabilities affecting exv2/content_management_system.
Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2006-7079P3CRITICALCVSS 9.8PoC≤ 2.0.4.32007-03-02
CVE-2006-7079 [CRITICAL] CWE-22 CVE-2006-7079: Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote at
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
nvd
CVE-2006-5030P3HIGHCVSS 7.5PoC≤ 2.0.4.32006-09-27
CVE-2006-5030 [HIGH] CVE-2006-5030: SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote
SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
nvd
CVE-2006-7080P4MEDIUMCVSS 4.3PoC≤ 2.0.4.32007-03-02
CVE-2006-7080 [MEDIUM] CVE-2006-7080: Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows re
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
nvd
CVE-2007-1966P4CRITICALCVSS 9.1v2.0.4.32007-04-11
CVE-2007-1966 [CRITICAL] CWE-287 CVE-2007-1966: Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
nvd
CVE-2007-4365P4MEDIUMCVSS 4.3≤ 2.0.52007-08-15
CVE-2007-4365 [MEDIUM] CVE-2007-4365: Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to in
Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
nvd
CVE-2007-1965P4MEDIUMCVSS 4.3≤ 2.0.4.32007-04-11
CVE-2007-1965 [MEDIUM] CVE-2007-1965: Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote att
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
nvd