Vulnerabilities > Smartsitecms

DATE CVE VULNERABILITY TITLE RISK
2009-02-03 CVE-2009-0405 SQL Injection vulnerability in Smartsitecms 1.0
SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.
network
low complexity
smartsitecms CWE-89
7.5
2007-03-02 CVE-2006-7074 USE of Hard-Coded Credentials vulnerability in Smartsitecms 1.0
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.
network
low complexity
smartsitecms CWE-798
7.5
2006-07-07 CVE-2006-3421 Remote File Include vulnerability in SmartSiteCMS
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.
network
high complexity
smartsitecms
5.1
2006-06-22 CVE-2006-3162 Remote File Include vulnerability in SmartSiteCMS Inc_Foot.PHP
PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
network
low complexity
smartsitecms
7.5