VYPR

Cjay Content Module

by XOOPS

CVEs (2)

  • CVE-2007-3220Jun 14, 2007
    risk 0.08cvss epss 0.63

    PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be a duplicate of CVE-2006-4656.

  • CVE-2009-4360Dec 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.