Vulnerabilities > Impliedbydesign

DATE CVE VULNERABILITY TITLE RISK
2015-02-27 CVE-2015-2101 Cross-site Scripting vulnerability in Impliedbydesign Navigate 6.X1.0/7.X1.0
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2009-04-06 CVE-2008-6614 SQL Injection vulnerability in Impliedbydesign IBD Micro CMS 3.5
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).
network
low complexity
impliedbydesign CWE-89
7.5
2009-03-30 CVE-2008-6553 Improper Authentication vulnerability in Impliedbydesign Micro-Cms
microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 (aka 0.3.5) does not require authentication as an administrator, which allows remote attackers to (1) create administrative accounts via an add_admin action, (2) remove administrative accounts via a delete_admin action, and (3) modify administrative passwords via a change_password action.
network
low complexity
impliedbydesign CWE-287
7.5