Boka: >> Siteengine Security Vulnerabilities
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2010-12-01
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.014
Published
2010-12-01
The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setting the action parameter to php_info in misc.php.
CVSS Score
5.0
EPSS Score
0.005
Published
2010-12-01
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.
CVSS Score
5.8
EPSS Score
0.007
Published
2010-12-01