Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.
Max CVSS
6.8
EPSS Score
0.36%
Published
2014-12-28
Updated
2014-12-29
PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.
Max CVSS
6.8
EPSS Score
7.39%
Published
2007-11-06
Updated
2017-09-29
2 vulnerabilities found