Exv2 Content_management_system
6 CVEs affecting Exv2 Content_management_system. Latest disclosed: 2007-08-15. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2006-7079 | Critical | 9.8 | 2007-03-02 | Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduc… |
CVE-2007-1966 | Critical | 9.1 | 2007-04-11 | Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. |
CVE-2007-4365 | | 2007-08-15 | Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to… | |
CVE-2007-1965 | | 2007-04-11 | Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_l… | |
CVE-2006-7080 | | 2007-03-02 | Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences… | |
CVE-2006-5030 | | 2006-09-27 | SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via t… |