Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
Max CVSS
9.0
EPSS Score
0.48%
Published
2008-05-05
Updated
2017-09-29
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
Max CVSS
5.0
EPSS Score
0.82%
Published
2008-01-25
Updated
2017-09-29
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.
Max CVSS
5.0
EPSS Score
0.55%
Published
2007-01-30
Updated
2018-10-16
Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.
Max CVSS
5.0
EPSS Score
0.95%
Published
2007-01-30
Updated
2018-10-16
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
Max CVSS
7.5
EPSS Score
13.00%
Published
2005-05-02
Updated
2017-07-11
5 vulnerabilities found