VYPR

Chicomas

by Chilkat Software

CVEs (4)

  • CVE-2008-5853Jan 6, 2009
    risk 0.03cvss epss 0.03

    Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups…

  • CVE-2008-2186May 13, 2008
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

  • CVE-2008-2016Apr 30, 2008
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute…

  • CVE-2008-2017Apr 30, 2008
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/.