Impliedbydesign
Products
2- 4 CVEs
- 3 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3144 | 0.04 | — | 0.09 | Jun 22, 2006 | PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this… | |||
| CVE-2008-6553 | 0.03 | — | 0.02 | Mar 30, 2009 | microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a… | |||
| CVE-2007-4602 | 0.03 | — | 0.01 | Aug 31, 2007 | SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2015-5500 | 0.00 | — | 0.01 | Aug 18, 2015 | Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5499 | 0.00 | — | 0.01 | Aug 18, 2015 | The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. | |||
| CVE-2015-2101 | 0.00 | — | 0.02 | Feb 27, 2015 | Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-6614 | 0.00 | — | 0.01 | Apr 6, 2009 | Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass… |
- CVE-2006-3144Jun 22, 2006risk 0.04cvss —epss 0.09
PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this…
- CVE-2008-6553Mar 30, 2009risk 0.03cvss —epss 0.02
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a…
- CVE-2007-4602Aug 31, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2015-5500Aug 18, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-5499Aug 18, 2015risk 0.00cvss —epss 0.01
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.
- CVE-2015-2101Feb 27, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6614Apr 6, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass…