Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
Max CVSS
6.8
EPSS Score
1.40%
Published
2009-08-25
Updated
2017-09-29
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
Max CVSS
5.0
EPSS Score
1.06%
Published
2008-12-31
Updated
2017-09-29
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
Max CVSS
7.5
EPSS Score
14.02%
Published
2008-12-02
Updated
2017-09-29
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.
Max CVSS
7.5
EPSS Score
8.15%
Published
2008-08-07
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
Max CVSS
4.3
EPSS Score
0.53%
Published
2007-03-02
Updated
2018-10-16
Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.
Max CVSS
3.6
EPSS Score
0.25%
Published
2007-03-02
Updated
2018-10-16
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
Max CVSS
5.0
EPSS Score
1.09%
Published
2007-03-02
Updated
2018-10-16
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.
Max CVSS
7.5
EPSS Score
5.07%
Published
2007-03-02
Updated
2018-10-16
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!