Vulnerabilities > Matteoiammarrone > High

DATE CVE VULNERABILITY TITLE RISK
2011-03-23 CVE-2010-4771 SQL Injection vulnerability in Matteoiammarrone S-Cms 2.5
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
matteoiammarrone CWE-89
7.5
2009-05-01 CVE-2009-1502 Path Traversal vulnerability in Matteoiammarrone S-Cms 1.1/1.5.2
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
network
low complexity
matteoiammarrone CWE-22
7.5
2009-03-10 CVE-2009-0864 Improper Authentication vulnerability in Matteoiammarrone S-Cms 1.1
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
network
low complexity
matteoiammarrone CWE-287
7.5
2009-03-10 CVE-2009-0863 SQL Injection vulnerability in Matteoiammarrone S-Cms 1.1
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
matteoiammarrone CWE-89
7.5