cbcvebase.

Havalite Cms vulnerabilities

4 known vulnerabilities affecting havalite/cms.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2012-5894P3HIGHCVSS 7.5PoC≤ 1.1.02012-11-17
CVE-2012-5894 [HIGH] CWE-89 CVE-2012-5894: SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attacke SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
nvd
CVE-2012-5893P3MEDIUMCVSS 6.8≤ 1.1.02012-11-17
CVE-2012-5893 [MEDIUM] CVE-2012-5893: Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows r Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/.
nvd
CVE-2012-5919P4MEDIUMCVSS 4.3PoC≤ 1.0.42012-11-19
CVE-2012-5919 [MEDIUM] CWE-79 CVE-2012-5919: Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attac Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId para
nvd
CVE-2012-5892P4MEDIUMCVSS 5.0≤ 1.1.02012-11-17
CVE-2012-5892 [MEDIUM] CWE-264 CVE-2012-5892: Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient acc Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.
nvd
Havalite Cms vulnerabilities | cvebase