VYPR

CMS

by Havalite

CVEs (27)

  • CVE-2022-38329Sep 13, 2022
    risk 0.00cvss epss 0.00

    A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft a malicious link, potentially causing the administrator to perform unintended actions on an affected system. The vulnerability could allow attackers to modify or delete specific…

  • CVE-2020-36544Jun 4, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the…

  • CVE-2020-36543Jun 4, 2022
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the…

  • CVE-2019-18883Nov 13, 2019
    risk 0.00cvss epss 0.01

    XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.

  • CVE-2019-17434Oct 10, 2019
    risk 0.00cvss epss 0.01

    LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen.

  • CVE-2012-5893Nov 17, 2012
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/.

  • CVE-2012-5892Nov 17, 2012
    risk 0.00cvss epss 0.01

    Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.

Page 2 of 2