cbcvebase.

Exv2 Content Management System vulnerabilities

6 known vulnerabilities affecting exv2/content_management_system.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2006-7079P3CRITICALCVSS 9.8PoC≤ 2.0.4.32007-03-02
CVE-2006-7079 [CRITICAL] CWE-22 CVE-2006-7079: Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote at Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
nvd
CVE-2006-5030P3HIGHCVSS 7.5PoC≤ 2.0.4.32006-09-27
CVE-2006-5030 [HIGH] CVE-2006-5030: SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
nvd
CVE-2006-7080P4MEDIUMCVSS 4.3PoC≤ 2.0.4.32007-03-02
CVE-2006-7080 [MEDIUM] CVE-2006-7080: Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows re Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
nvd
CVE-2007-1966P4CRITICALCVSS 9.1v2.0.4.32007-04-11
CVE-2007-1966 [CRITICAL] CWE-287 CVE-2007-1966: Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
nvd
CVE-2007-4365P4MEDIUMCVSS 4.3≤ 2.0.52007-08-15
CVE-2007-4365 [MEDIUM] CVE-2007-4365: Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to in Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.
nvd
CVE-2007-1965P4MEDIUMCVSS 4.3≤ 2.0.4.32007-04-11
CVE-2007-1965 [MEDIUM] CVE-2007-1965: Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote att Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
nvd
Exv2 Content Management System vulnerabilities | cvebase