Smartsitecms: Security Vulnerabilities
SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-02-03
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-03-02
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.
CVSS Score
5.1
EPSS Score
0.061
Published
2006-07-07
PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVSS Score
7.5
EPSS Score
0.064
Published
2006-06-22