Vulnerabilities > Yannick Tanguy

DATE CVE VULNERABILITY TITLE RISK
2007-10-09 CVE-2007-5307 Code Injection vulnerability in Yannick Tanguy Else IF CMS 0.6Beta
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php.
network
low complexity
yannick-tanguy CWE-94
7.5
2007-10-09 CVE-2007-5306 Path Traversal vulnerability in Yannick Tanguy Else IF CMS 0.6Beta
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.
network
low complexity
yannick-tanguy CWE-22
5.0
2007-10-09 CVE-2007-5305 Code Injection vulnerability in Yannick Tanguy Else IF CMS 0.6Beta
Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.
network
low complexity
yannick-tanguy CWE-94
7.5
2007-10-09 CVE-2007-5304 Cross-Site Scripting vulnerability in Yannick Tanguy Else IF CMS 0.6Beta
Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php.
4.3