Vulnerabilities > Mozilo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-44871 | Unrestricted Upload of File with Dangerous Type vulnerability in Mozilo Mozilocms 3.0 An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. | 7.2 |
2024-09-10 | CVE-2024-44872 | Cross-site Scripting vulnerability in Mozilo Mozilocms 3.0 A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 6.1 |
2022-02-03 | CVE-2022-23357 | Path Traversal vulnerability in Mozilo Mozilocms 2.0 mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. | 9.1 |
2021-07-09 | CVE-2020-25394 | Cross-site Scripting vulnerability in Mozilo Mozilocms 2.0 A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter. | 3.5 |
2009-12-04 | CVE-2009-4209 | Cross-Site Scripting vulnerability in Mozilo Mozilocms 1.11.1 Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367. | 4.3 |
2009-04-22 | CVE-2009-1369 | Improper Input Validation vulnerability in Mozilo Mozilocms 1.11 moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message. | 5.0 |
2009-04-22 | CVE-2009-1368 | Path Traversal vulnerability in Mozilo Mozilocms 1.11 Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. | 7.5 |
2009-04-22 | CVE-2009-1367 | Cross-Site Scripting vulnerability in Mozilo Mozilocms 1.11 Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a. | 4.3 |
2009-02-13 | CVE-2008-6131 | Improper Authentication vulnerability in Mozilo Mozilowiki Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.0 |
2009-02-13 | CVE-2008-6130 | Cross-Site Scripting vulnerability in Mozilo Mozilowiki Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters. | 4.3 |