Vulnerabilities (CVE)

Filtered by vendor Livecms Subscribe
Filtered by product Livecms
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-3293 1 Livecms 1 Livecms 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2007-3292 1 Livecms 1 Livecms 2024-02-04 7.5 HIGH N/A
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
CVE-2007-3290 1 Livecms 1 Livecms 2024-02-04 9.3 HIGH N/A
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.
CVE-2007-3291 1 Livecms 1 Livecms 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.