DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-08-25 | CVE-2007-4523 | Cross-Site Scripting vulnerability in Ripe Website Manager 0.8.4/0.8.9: Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php, probably involving the Title or textarea field as reachable through admin/pages/new_page.php. | 3.5 |
2007-08-25 | CVE-2007-4522 | SQL and HTML Injection vulnerability in Ripe Website Manager 0.8.4/0.8.9: Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c) navigation/delete_item.php in admin/; the (2) menu_id, (3) name, (3) page_id, and (4) url parameters in (d) admin/navigation/do_new_item.php; the (5) new_menuname parameter in (e) admin/navigation/do_new_nav.php; and (6) area1, name, and url parameters to (f) admin/pages/do_new_page.php. | 6.0 |
2007-07-03 | CVE-2007-3525 | Remote File Include and Information Disclosure vulnerability in Ripe Website Manager: Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. | 7.8 |
2007-07-03 | CVE-2007-3524 | Remote File Include and Information Disclosure vulnerability in Ripe Website Manager: Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php. | 6.8 |
2007-04-24 | CVE-2007-2207 | SQL-Injection vulnerability in Ripe Website Manager: SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | 7.5 |
2007-04-24 | CVE-2007-2206 | Cross-Site Scripting vulnerability in Ripe Website Manager: Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter. | 4.3 |