cvebase

Fuzzylime Cms vulnerabilities

6 known vulnerabilities affecting fuzzylime/fuzzylime_cms.

Total CVEs: 6
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2009-2176 | P3 | HIGH | CVSS 7.5 | PoC | v3.03a | 2009-06-23
CVE-2009-2176 [HIGH] CWE-22: Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.php and the (2) template parameter to code/display.php.
nvd
CVE-2008-3164 | P3 | HIGH | CVSS 7.6 | PoC | v3.01 | 2008-07-14
CVE-2008-3164 [HIGH] CWE-22: Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
nvd
CVE-2008-5291 | P3 | HIGH | CVSS 7.5 | PoC | v3.03 | 2008-12-01
CVE-2008-5291 [HIGH]: Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
nvd
CVE-2009-2177 | P3 | MEDIUM | CVSS 6.8 | PoC | v3.03a | 2009-06-23
CVE-2009-2177 [MEDIUM] CWE-22: code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a "../" value.
nvd
CVE-2008-3165 | P3 | MEDIUM | CVSS 6.8 | PoC | ≤ 3.01 | 2008-07-14
CVE-2008-3165 [MEDIUM]: Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.
nvd
CVE-2008-3098 | P4 | MEDIUM | CVSS 4.3 | PoC | v3.0, v3.01, +3 more | 2008-09-24
CVE-2008-3098 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.
nvd