VYPR

It\!CMS

by Martin Unzner

CVEs (3)

  • CVE-2009-0493Feb 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.

  • CVE-2008-2192May 14, 2008
    risk 0.03cvss epss 0.04

    Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.

  • CVE-2007-4115Jul 31, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.