SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2008-01-15
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.
Max CVSS
4.3
EPSS Score
0.30%
Published
2007-02-27
Updated
2018-10-16
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.
Max CVSS
7.5
EPSS Score
1.04%
Published
2007-02-27
Updated
2018-10-16
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
Max CVSS
6.8
EPSS Score
5.29%
Published
2006-12-28
Updated
2017-10-19
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!