Blueriver Sava Cms : Security vulnerabilities, CVEs

Copy

CVE-2008-6433

Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.

Max CVSS

4.3

EPSS Score

0.25%

Published

2009-03-06

Updated

2017-08-17

CVE-2008-6434

SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter.

Max CVSS

7.5

EPSS Score

0.25%

Published

2009-03-06

Updated

2017-08-17

CVE-2010-3468

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.

Max CVSS

5.0

EPSS Score

2.57%

Published

2010-09-29

Updated

2010-09-30

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!