Vulnerabilities > Cromosoft > Simple Plantilla PHP

DATE CVE VULNERABILITY TITLE RISK
2007-03-02 CVE-2007-1139 Code Injection vulnerability in Cromosoft Simple Plantilla PHP
Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.
network
low complexity
cromosoft CWE-94
critical
 10.0
10
2007-03-02 CVE-2007-1138 Path Traversal vulnerability in Cromosoft Simple Plantilla PHP
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.
network
low complexity
cromosoft CWE-22
5.0
5.0