SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2007-12-28
Updated
2017-09-29
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
Max CVSS
6.4
EPSS Score
0.62%
Published
2007-12-28
Updated
2017-09-29
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!