Vulnerabilities > Drake Team
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-16 | CVE-2008-6475 | SQL Injection vulnerability in Drake Team Drake CMS 0.2 SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php. | 7.5 |
| 2008-03-18 | CVE-2008-1371 | Path Traversal vulnerability in Drake Team Drake CMS 0.4.11Rc8 Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. | 3.6 |
| 2008-02-01 | CVE-2007-6695 | Cross-Site Scripting vulnerability in Drake Team Drake CMS 0.4.9 Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter. | 4.3 |
| 2007-05-11 | CVE-2007-2618 | Unspecified vulnerability in Drake Team Drake CMS 0.4.0 CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. | 5.1 |
| 2007-04-03 | CVE-2007-1850 | Directory Traversal vulnerability in Drake Cms Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. | 5.0 |
| 2007-04-03 | CVE-2007-1849 | Local File Include vulnerability in Drake Team Drake CMS 0.3.7/0.3.7Beta Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. | 7.5 |
| 2007-04-03 | CVE-2007-1848 | Cross-Site Scripting vulnerability in Drake Team Drake CMS 0.3.7/0.3.7Beta Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. network drake-team | 4.3 |
| 2006-11-06 | CVE-2006-5767 | Code Injection vulnerability in Drake Team Drake CMS PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter. | 6.8 |