| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-1460 | 4.6 |
razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allow
|
17-08-2017 - 01:30 | 28-04-2009 - 16:30 | |
| CVE-2009-1459 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
|
17-08-2017 - 01:30 | 28-04-2009 - 16:30 | |
| CVE-2009-1458 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action,
|
17-08-2017 - 01:30 | 28-04-2009 - 16:30 |