Havalite
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-5919 | 0.04 | — | 0.11 | Nov 19, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php. | ||
| CVE-2013-0161 | 0.03 | — | 0.00 | Jan 29, 2020 | Havalite CMS 1.1.7 has a stored XSS vulnerability | ||
| CVE-2012-5894 | 0.03 | — | 0.02 | Nov 17, 2012 | SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | ||
| CVE-2012-5893 | 0.00 | — | 0.02 | Nov 17, 2012 | Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/. | ||
| CVE-2012-5892 | 0.00 | — | 0.00 | Nov 17, 2012 | Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3. |
- CVE-2012-5919Nov 19, 2012risk 0.04cvss —epss 0.11
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.
- CVE-2013-0161Jan 29, 2020risk 0.03cvss —epss 0.00
Havalite CMS 1.1.7 has a stored XSS vulnerability
- CVE-2012-5894Nov 17, 2012risk 0.03cvss —epss 0.02
SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
- CVE-2012-5893Nov 17, 2012risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/files/.
- CVE-2012-5892Nov 17, 2012risk 0.00cvss —epss 0.00
Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.