Cmscout: >> Cmscout >> 2.06 Security Vulnerabilities
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.
CVSS Score
6.0
EPSS Score
0.004
Published
2009-04-17
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415.
CVSS Score
6.0
EPSS Score
0.041
Published
2009-04-17