CMS
by Havalite
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38329 | | | 0.00 | — | 0.00 | | Sep 13, 2022 | A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific… |
| CVE-2020-36544 | | | 0.00 | — | 0.01 | | Jun 4, 2022 | A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the… |
| CVE-2020-36543 | | | 0.00 | — | 0.01 | | Jun 4, 2022 | A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the… |
| CVE-2019-18883 | | | 0.00 | — | 0.01 | | Nov 13, 2019 | XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. |
| CVE-2019-17434 | | | 0.00 | — | 0.01 | | Oct 10, 2019 | LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. |
| CVE-2012-5893 | | | 0.00 | — | 0.03 | | Nov 17, 2012 | Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/. |
| CVE-2012-5892 | | | 0.00 | — | 0.01 | | Nov 17, 2012 | Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3. |