VYPR
Vendor

Gelatocms

Products
2
CVEs
3
Across products
6
Status
Private

Products

2

Recent CVEs

3
  • CVE-2008-3675Aug 14, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2007-4918Sep 17, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php.

  • CVE-2008-7039Aug 24, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information.