Vulnerabilities > Pastel > Pastelcms > 0.8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-24 | CVE-2009-1405 | Path Traversal vulnerability in Pastel Pastelcms 0.8.0 Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2009-04-24 | CVE-2009-1404 | SQL Injection vulnerability in Pastel Pastelcms 0.8.0 SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. | 6.8 |