Vulnerabilities (CVE)

Filtered by vendor Cromosoft Subscribe
Filtered by product Simple Plantilla Php
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1139 1 Cromosoft 1 Simple Plantilla Php 2024-11-21 10.0 HIGH N/A
Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.
CVE-2007-1138 1 Cromosoft 1 Simple Plantilla Php 2024-11-21 5.0 MEDIUM N/A
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.