VYPR
Vendor

Impliedbydesign

Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
  • CVE-2006-3144Jun 22, 2006
    risk 0.04cvss epss 0.09

    PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this…

  • CVE-2008-6553Mar 30, 2009
    risk 0.03cvss epss 0.02

    microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a…

  • CVE-2007-4602Aug 31, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2015-5500Aug 18, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-5499Aug 18, 2015
    risk 0.00cvss epss 0.01

    The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.

  • CVE-2015-2101Feb 27, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-6614Apr 6, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass…