VYPR
Get started
← All vendors
Vendor

Roseonlinecms

Sign in to watch
Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2009-4581Cri0.679.80.05Jan 6, 2010Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter.
CVE-2007-16360.040.07Mar 23, 2007Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.