Vulnerabilities > CWH Underground

DATE CVE VULNERABILITY TITLE RISK
2008-07-15 CVE-2008-3180 Cross-Site Scripting vulnerability in CWH Underground Contentnow CMS 1.4.1
Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.
4.3
2008-07-02 CVE-2008-2983 SQL Injection vulnerability in CWH Underground Demo4 CMS 01
SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
cwh-underground CWE-89
7.5