Zanfi Solutions: Security Vulnerabilities
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters.
CVSS Score
6.8
EPSS Score
0.011
Published
2008-09-22
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-09-22
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
CVSS Score
7.5
EPSS Score
0.002
Published
2008-09-15
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVSS Score
7.5
EPSS Score
0.002
Published
2008-09-15
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
CVSS Score
5.0
EPSS Score
0.008
Published
2004-12-31
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
CVSS Score
5.0
EPSS Score
0.013
Published
2004-12-31