Globiz Solutions Snowfox Content Management System vulnerabilities
2 known vulnerabilities affecting globiz_solutions/snowfox_content_management_system.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2014-9344P4MEDIUMCVSS 6.8PoC≤ 1.02014-12-08
CVE-2014-9344 [MEDIUM] CWE-352 CVE-2014-9344: Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/.
nvd
CVE-2014-9343P4MEDIUMCVSS 5.8v1.02014-12-08
CVE-2014-9343 [MEDIUM] CVE-2014-9343: Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0
Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/.
nvd