Xcms vulnerabilities
2 known vulnerabilities affecting xcms/xcms.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2007-6652 | P3 | HIGH | CVSS 7.5 | CWE-94 | PoC | ≤ 1.83 | 2008-01-04
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
nvd
CVE-2007-6604 | P4 | MEDIUM | CVSS 5.0 | CWE-22 | PoC | v1.82 | 2007-12-31
Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in im
nvd