VYPR

Bandsite CMS

by Grayscale

CVEs (10)

  • CVE-2006-3193Jun 23, 2006
    risk 0.04cvss epss 0.15

    Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in…

  • CVE-2009-4793Apr 22, 2010
    risk 0.03cvss epss 0.02

    Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then…

  • CVE-2009-4792Apr 22, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.

  • CVE-2008-7058Aug 24, 2009
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.

  • CVE-2008-7057Aug 24, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.

  • CVE-2008-7056Aug 24, 2009
    risk 0.03cvss epss 0.02

    BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.

  • CVE-2008-5497Dec 12, 2008
    risk 0.03cvss epss 0.03

    BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.

  • CVE-2006-4985Sep 26, 2006
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in…

  • CVE-2006-4984Sep 26, 2006
    risk 0.00cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. …

  • CVE-2006-4986Sep 26, 2006
    risk 0.00cvss epss 0.01

    Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4)…