Sitex: Security Vulnerabilities
SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVSS Score
6.8
EPSS Score
0.004
Published
2007-09-28
sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages.
CVSS Score
6.4
EPSS Score
0.003
Published
2007-03-03