Mozilo Mozilocms

14 CVEs affecting Mozilo Mozilocms. Latest disclosed: 2024-09-10. Critical: 1, High: 1.

Top CVEs affecting Mozilo Mozilocms
CVESeverityScorePublishedSummary
CVE-2022-23357Critical9.12022-02-03mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.
CVE-2024-44871High7.22024-09-10An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted f…
CVE-2024-29368Medium6.52024-04-22An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, poten…
CVE-2024-44872Medium6.12024-09-10A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via inject…
CVE-2024-2245Medium5.42024-03-07Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed i…
CVE-2020-25394Medium5.42021-07-09A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payloa…
CVE-2009-42092009-12-04Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via th…
CVE-2009-13692009-04-22moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index…
CVE-2009-13682009-04-22Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOT…
CVE-2009-13672009-04-22Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter…
CVE-2008-61282009-02-13Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2008-61272009-02-13Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p…
CVE-2008-61262009-02-13Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file…
CVE-2008-35892008-08-11Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a…