Mozilo Mozilocms
14 CVEs affecting Mozilo Mozilocms. Latest disclosed: 2024-09-10. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-23357 | Critical | 9.1 | 2022-02-03 | mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. |
CVE-2024-44871 | High | 7.2 | 2024-09-10 | An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted f… |
CVE-2024-29368 | Medium | 6.5 | 2024-04-22 | An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, poten… |
CVE-2024-44872 | Medium | 6.1 | 2024-09-10 | A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via inject… |
CVE-2024-2245 | Medium | 5.4 | 2024-03-07 | Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed i… |
CVE-2020-25394 | Medium | 5.4 | 2021-07-09 | A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payloa… |
CVE-2009-4209 | | 2009-12-04 | Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via th… | |
CVE-2009-1369 | | 2009-04-22 | moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index… | |
CVE-2009-1368 | | 2009-04-22 | Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOT… | |
CVE-2009-1367 | | 2009-04-22 | Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter… | |
CVE-2008-6128 | | 2009-02-13 | Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |
CVE-2008-6127 | | 2009-02-13 | Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p… | |
CVE-2008-6126 | | 2009-02-13 | Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file… | |
CVE-2008-3589 | | 2008-08-11 | Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a… |