Sinecms
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-7163 | | | 0.03 | — | 0.04 | | Sep 4, 2009 | Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter. |
| CVE-2007-6367 | | | 0.03 | — | 0.04 | | Dec 15, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357. |
| CVE-2007-6366 | | | 0.03 | — | 0.02 | | Dec 15, 2007 | Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2)… |
| CVE-2025-40770 | | | 0.00 | — | 0.00 | | Aug 12, 2025 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to… |
| CVE-2025-40766 | | | 0.00 | — | 0.00 | | Aug 12, 2025 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack. |
| CVE-2024-46894 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the… |
| CVE-2024-46891 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the… |
| CVE-2024-41941 | | | 0.00 | — | 0.00 | | Aug 13, 2024 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization. |
| CVE-2024-35208 | | | 0.00 | — | 0.00 | | Jun 11, 2024 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. |
| CVE-2007-2357 | | | 0.00 | — | 0.02 | | Apr 30, 2007 | Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter. |