Hycus » Hycus Cms : Security Vulnerabilities, CVEs,

CVE-2011-3745

HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-09-23
Updated
2012-03-12

CVE-2010-4613

Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
Max CVSS
7.5
EPSS Score
0.54%
Published
2010-12-29
Updated
2010-12-30

CVE-2010-4612

Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.64%
Published
2010-12-29
Updated
2018-10-10
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close