Flyspeck Cms vulnerabilities
2 known vulnerabilities affecting flyspeck/flyspeck_cms.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2009-1771P3HIGHCVSS 7.5PoCv6.82009-05-22
CVE-2009-1771 [HIGH] CWE-264 CVE-2009-1771: index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingC
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
nvd
CVE-2009-1770P3HIGHCVSS 7.5PoCv6.82009-05-22
CVE-2009-1770 [HIGH] CWE-22 CVE-2009-1770: Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
nvd