Vulnerabilities > Dynpg > Dynpg > 4.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-06 | CVE-2010-4401 | Information Exposure vulnerability in Dynpg 4.2.0 languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | 5.0 |
2010-12-06 | CVE-2010-4400 | SQL Injection vulnerability in Dynpg 4.2.0 SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter. | 7.5 |
2010-12-06 | CVE-2010-4399 | Path Traversal vulnerability in Dynpg 4.1.1/4.2.0 Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. | 4.3 |