Insanevisions » Onecms : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2011-10-07
Updated
2012-02-14
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
Max CVSS
6.8
EPSS Score
0.09%
Published
2010-03-10
Updated
2017-08-17
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-04-07
Updated
2017-09-29
Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action.
Max CVSS
7.5
EPSS Score
2.36%
Published
2008-05-28
Updated
2018-10-11
4 vulnerabilities found