Vulnerabilities > Flyspeck
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-22 | CVE-2009-1771 | Permissions, Privileges, and Access Controls vulnerability in Flyspeck CMS 6.8 index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters. | 7.5 |
2009-05-22 | CVE-2009-1770 | Path Traversal vulnerability in Flyspeck CMS 6.8 Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |