Yannick Tanguy Else If Cms vulnerabilities
4 known vulnerabilities affecting yannick_tanguy/else_if_cms.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2007-5305P3HIGHCVSS 7.5PoCv0.6-beta2007-10-09
CVE-2007-5305 [HIGH] CWE-94 CVE-2007-5305: Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to
Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and
nvd
CVE-2007-5307P3HIGHCVSS 7.5PoCv0.6-beta2007-10-09
CVE-2007-5307 [HIGH] CVE-2007-5307: ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric paramet
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset P
nvd
CVE-2007-5304P4MEDIUMCVSS 4.3PoCv0.6-beta2007-10-09
CVE-2007-5304 [MEDIUM] CWE-79 CVE-2007-5304: Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to
Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to module
nvd
CVE-2007-5306P4MEDIUMCVSS 5.0PoCv0.6-beta2007-10-09
CVE-2007-5306 [MEDIUM] CWE-22 CVE-2007-5306: ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecif
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.
nvd