Vulnerabilities > Contenido > Contendio > 4.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-18 | CVE-2006-5381 | Remote Security vulnerability in Contenido Contendio 4.5.2Alpha/4.5.6Beta/4.6.0 Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory. | 5.0 |
| 2005-12-09 | CVE-2005-4132 | Remote Command Execution vulnerability in Contenido Contendio 4.5.2Alpha/4.5.6Beta/4.6.0 Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. | 7.5 |