Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
Max CVSS: 4.3; EPSS Score: 0.15%; Published: 2007-12-20; Updated: 2017-09-29
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
Max CVSS: 7.5; EPSS Score: 0.67%; Published: 2007-12-20; Updated: 2017-09-29
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
Max CVSS: 6.8; EPSS Score: 1.15%; Published: 2007-12-20; Updated: 2017-09-29
Falcon web server allows remote attackers to determine the absolute path of the web root via long file names.
Max CVSS: 5.0; EPSS Score: 0.47%; Published: 1999-10-28; Updated: 2022-08-17
4 vulnerabilities found