Vulnerabilities > Lovecms > Lovecms > 1.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-25 | CVE-2008-7062 | Permissions, Privileges, and Access Controls vulnerability in Lovecms 1.6.2 Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/. | 6.8 |
| 2008-12-31 | CVE-2008-5794 | Path Traversal vulnerability in Lovecms 1.6.2 Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. | 5.0 |
| 2008-12-02 | CVE-2008-5308 | Permissions, Privileges, and Access Controls vulnerability in Lovecms the Simple Forum 3.1D The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php. | 7.5 |
| 2008-08-07 | CVE-2008-3509 | Code Injection vulnerability in Lovecms 1.6.2 LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors. | 7.5 |