Vendor
Smartsitecms
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3162 | 0.04 | — | 0.07 | Jun 22, 2006 | PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||
| CVE-2009-0405 | 0.03 | — | 0.01 | Feb 3, 2009 | SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter. | |||
| CVE-2006-3421 | 0.03 | — | 0.04 | Jul 7, 2006 | PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5)… | |||
| CVE-2006-7074 | 0.00 | — | 0.01 | Mar 2, 2007 | admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. |
- CVE-2006-3162Jun 22, 2006risk 0.04cvss —epss 0.07
PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
- CVE-2009-0405Feb 3, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.
- CVE-2006-3421Jul 7, 2006risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5)…
- CVE-2006-7074Mar 2, 2007risk 0.00cvss —epss 0.01
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.