Ixprim: Security Vulnerabilities
Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors.
CVSS Score
6.5
EPSS Score
0.007
Published
2006-12-27
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
CVSS Score
5.0
EPSS Score
0.043
Published
2006-12-27
The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.
CVSS Score
5.1
EPSS Score
0.065
Published
2006-12-27