SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2008-01-15
Updated
2018-10-15
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
Max CVSS
6.8
EPSS Score
5.29%
Published
2006-12-28
Updated
2017-10-19
2 vulnerabilities found