Vulnerabilities > Devalcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-19 | CVE-2008-6983 | Code Injection vulnerability in Devalcms 1.4A modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php. | 7.5 |
| 2009-08-19 | CVE-2008-6982 | Cross-Site Scripting vulnerability in Devalcms 1.4A Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter. | 4.3 |
| 2008-06-30 | CVE-2008-2913 | Path Traversal vulnerability in Devalcms 1.4A Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |