Vivvo : Security Vulnerabilities, CVEs,
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
Max CVSS
5.0
EPSS Score
0.44%
Published
2009-10-26
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response.
Max CVSS
4.3
EPSS Score
0.19%
Published
2009-02-10
Updated
2009-03-06
Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before 4.0.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
4.4
EPSS Score
0.35%
Published
2009-05-07
Updated
2017-08-17
3 vulnerabilities found