Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php.
Max CVSS
6.8
EPSS Score
1.78%
Published
2008-01-25
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.
Max CVSS
7.5
EPSS Score
1.57%
Published
2007-04-12
Updated
2018-10-16
2 vulnerabilities found