VYPR

Creasito E Commerce Content Manager

by Creasito

CVEs (2)

  • CVE-2009-4925Jul 12, 2010
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2)…

  • CVE-2006-5777Nov 7, 2006
    risk 0.03cvss epss 0.03

    Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php,…