Salims Softhouse: >> Jaf Cms >> 4.0 Security Vulnerabilities
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.
CVSS Score
6.8
EPSS Score
0.08
Published
2007-03-06
PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
CVSS Score
7.5
EPSS Score
0.042
Published
2007-03-06
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.
CVSS Score
6.8
EPSS Score
0.01
Published
2006-10-03
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS Score
6.8
EPSS Score
0.008
Published
2006-10-03
module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php.
CVSS Score
7.5
EPSS Score
0.019
Published
2006-10-03