Lovecms
Products
3- 8 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-7062 | 0.04 | — | 0.07 | Aug 25, 2009 | Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/. | |||
| CVE-2008-5308 | 0.04 | — | 0.07 | Dec 2, 2008 | The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php. | |||
| CVE-2008-5794 | 0.03 | — | 0.03 | Dec 31, 2008 | Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. | |||
| CVE-2008-3509 | 0.03 | — | 0.03 | Aug 7, 2008 | LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors. | |||
| CVE-2007-1151 | 0.03 | — | 0.02 | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. | |||
| CVE-2007-1149 | 0.03 | — | 0.04 | Mar 2, 2007 | Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. | |||
| CVE-2007-1148 | 0.03 | — | 0.03 | Mar 2, 2007 | PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. | |||
| CVE-2007-1150 | 0.00 | — | 0.01 | Mar 2, 2007 | Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. |
- CVE-2008-7062Aug 25, 2009risk 0.04cvss —epss 0.07
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
- CVE-2008-5308Dec 2, 2008risk 0.04cvss —epss 0.07
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
- CVE-2008-5794Dec 31, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
- CVE-2008-3509Aug 7, 2008risk 0.03cvss —epss 0.03
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.
- CVE-2007-1151Mar 2, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
- CVE-2007-1149Mar 2, 2007risk 0.03cvss —epss 0.04
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
- CVE-2007-1148Mar 2, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.
- CVE-2007-1150Mar 2, 2007risk 0.00cvss —epss 0.01
Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.