Filtered by vendor Roseonlinecms
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4581 | 1 Roseonlinecms | 1 Roseonlinecms | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter. | |||||
CVE-2007-1636 | 1 Roseonlinecms | 1 Roseonlinecms | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. |