Basic-cms: Security Vulnerabilities, CVEs
CVE-2008-2789
Public exploit
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
Max CVSS: 7.5
EPSS Score: 1.20%
Published: 2008-06-20
Updated: 2017-09-29
Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, 0.5.3, and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) _plugin/subscriber/inc/post.php and (2) as/lib/news_modify.php.
Max CVSS: 6.8
EPSS Score: 1.48%
Published: 2009-12-07
Updated: 2017-08-17
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and earlier allows remote attackers to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
Max CVSS: 7.5
EPSS Score: 0.53%
Published: 2009-12-08
Updated: 2009-12-09
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
Max CVSS: 4.3
EPSS Score: 0.24%
Published: 2010-02-23
Updated: 2010-03-02
Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.
Max CVSS: 4.3
EPSS Score: 0.12%
Published: 2015-01-03
Updated: 2015-01-05
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
Max CVSS: 7.5
EPSS Score: 0.13%
Published: 2015-01-03
Updated: 2015-01-05
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
Max CVSS: 4.3
EPSS Score: 0.15%
Published: 2015-01-03
Updated: 2015-01-05
SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php.
Max CVSS: 5.0
EPSS Score: 0.23%
Published: 2011-09-24
Updated: 2012-05-21
8 vulnerabilities found