Vulnerabilities > Dynpg > Dynpg > 4.2.0

DATE CVE VULNERABILITY TITLE RISK
2010-12-06 CVE-2010-4401 Information Exposure vulnerability in Dynpg 4.2.0
languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.
network
low complexity
dynpg CWE-200
5.0
5.0
2010-12-06 CVE-2010-4400 SQL Injection vulnerability in Dynpg 4.2.0
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
network
low complexity
dynpg CWE-89
7.5
7.5
2010-12-06 CVE-2010-4399 Path Traversal vulnerability in Dynpg 4.1.1/4.2.0
Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a ..
network
dynpg CWE-22
4.3
4.3