VYPR
Vendor

Siteframe

Products
2
CVEs
5
Across products
7
Status
Private

Products

2

Recent CVEs

5
  • CVE-2009-2443Jul 13, 2009
    risk 0.03cvss epss 0.03

    Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

  • CVE-2008-3256Jul 22, 2008
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-0783Feb 19, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment).

  • CVE-2006-0675Feb 13, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

  • CVE-2005-4824Dec 31, 2005
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965.