Zanfi Solutions
Products
3- 4 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-4159 | 0.03 | — | 0.00 | Sep 22, 2008 | SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. | ||
| CVE-2008-4158 | 0.03 | — | 0.03 | Sep 22, 2008 | Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters. | ||
| CVE-2008-4074 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | ||
| CVE-2008-4073 | 0.03 | — | 0.01 | Sep 15, 2008 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. | ||
| CVE-2004-2195 | 0.00 | — | 0.01 | Dec 31, 2004 | PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | ||
| CVE-2004-2196 | 0.00 | — | 0.01 | Dec 31, 2004 | Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. |
- CVE-2008-4159Sep 22, 2008risk 0.03cvss —epss 0.00
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.
- CVE-2008-4158Sep 22, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.
- CVE-2008-4074Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
- CVE-2008-4073Sep 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
- CVE-2004-2195Dec 31, 2004risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
- CVE-2004-2196Dec 31, 2004risk 0.00cvss —epss 0.01
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.