VYPR

Havalite

by Havalite

CVEs (3)

  • CVE-2012-5919Nov 19, 2012
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit…

  • CVE-2012-5894Nov 17, 2012
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.

  • CVE-2012-5892Nov 17, 2012
    risk 0.00cvss epss 0.01

    Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.