Vulnerabilities > Bitweaver > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-18 | CVE-2009-1678 | Path Traversal vulnerability in Bitweaver. Directory traversal vulnerability in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allows remote attackers to create or overwrite arbitrary files via a .. | 7.5 |
2008-01-04 | CVE-2007-6650 | Permissions, Privileges, and Access Controls vulnerability in Bitweaver R2 CMS. Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote attackers to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file. | 7.5 |
2007-12-15 | CVE-2007-6375 | SQL Injection vulnerability in Bitweaver. Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. | 7.5 |
2007-01-13 | CVE-2006-6923 | Input Validation vulnerability in Bitweaver. SQL injection vulnerability in newsletters/edition.php in Bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter. | 7.5 |
2005-12-20 | CVE-2005-4380 | SQL Injection vulnerability in Bitweaver 1.1/1.1.1 Beta. Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. | 7.5 |