VYPR

Sitex

by Bj Sintay

CVEs (7)

  • CVE-2010-1343Apr 9, 2010
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

  • CVE-2009-1846Jun 1, 2009
    risk 0.03cvss epss 0.02

    Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the THEME_FOLDER parameter to (1) Corporate/homepage.php, (2) Fusion/homepage.php, (3) Joombo/homepage.php,…

  • CVE-2007-5141Sep 28, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.

  • CVE-2007-1237Mar 3, 2007
    risk 0.00cvss epss 0.01

    sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.

  • CVE-2007-1234Mar 3, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to…

  • CVE-2007-1235Mar 3, 2007
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.

  • CVE-2007-1236Mar 3, 2007
    risk 0.00cvss epss 0.01

    sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages.