Vulnerabilities > Contenido > Contendio > 4.5.6.beta
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-18 | CVE-2006-5381 | Remote Security vulnerability in Contenido Contendio 4.5.2Alpha/4.5.6Beta/4.6.0 Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory. | 5.0 |
2005-12-09 | CVE-2005-4132 | Remote Command Execution vulnerability in Contenido Contendio 4.5.2Alpha/4.5.6Beta/4.6.0 Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. | 7.5 |