Livecms

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2007-3292	0.03	—	0.06	Jun 20, 2007	Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
CVE-2007-3293	0.03	—	0.01	Jun 20, 2007	SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-3290	0.03	—	0.06	Jun 20, 2007	categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
CVE-2007-3291	0.03	—	0.04	Jun 20, 2007	Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.

CVE-2007-3292Jun 20, 2007
risk 0.03cvss —epss 0.06
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
CVE-2007-3293Jun 20, 2007
risk 0.03cvss —epss 0.01
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-3290Jun 20, 2007
risk 0.03cvss —epss 0.06
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
CVE-2007-3291Jun 20, 2007
risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.