Elxis : Security Vulnerabilities, CVEs, CVSS score >= 7
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Max CVSS
7.5
EPSS Score
1.76%
Published
2008-10-22
Updated
2017-08-08
SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched without updating the version number; later downloads of 2006.4 are not affected.
Max CVSS
7.5
EPSS Score
0.90%
Published
2007-06-18
Updated
2018-10-16
2 vulnerabilities found