Elxis : Security Vulnerabilities, CVEs, CVSS score >= 5
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Max CVSS
5.0
EPSS Score
1.62%
Published
2009-12-02
Updated
2009-12-03
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS
7.5
EPSS Score
1.76%
Published
2008-10-22
Updated
2017-08-08
SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected.
Max CVSS
7.5
EPSS Score
0.90%
Published
2007-06-18
Updated
2018-10-16
3 vulnerabilities found