VYPR
Vendor

Leap CMS

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2009-1614May 11, 2009
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these…

  • CVE-2009-1613May 11, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.

  • CVE-2008-2833Jun 24, 2008
    risk 0.03cvss epss 0.04

    admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.