The-Ghost Ar Web Content Manager vulnerabilities
3 known vulnerabilities affecting the-ghost/ar_web_content_manager.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2009-3219P3MEDIUMCVSS 6.8PoCv2.12009-09-16
CVE-2009-3219 [MEDIUM] CWE-22 CVE-2009-3219: Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_g
Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter.
nvd
CVE-2009-3218P3MEDIUMCVSS 6.8PoCv2.12009-09-16
CVE-2009-3218 [MEDIUM] CWE-89 CVE-2009-3218: SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_qu
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
nvd
CVE-2010-1066P3MEDIUMCVSS 5.0PoCv2.12010-03-23
CVE-2010-1066 [MEDIUM] CWE-264 CVE-2010-1066: AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
nvd