Flyspeck » Flyspeck Cms : Security Vulnerabilities, CVEs,
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
Max CVSS
7.5
EPSS Score
0.55%
Published
2009-05-22
Updated
2017-09-29
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Max CVSS
7.5
EPSS Score
0.45%
Published
2009-05-22
Updated
2017-09-29
2 vulnerabilities found