CVEDB API

Vulnerabilities

Vulnerable Software

Razorcms: >> Razorcms >> 1.0 Security Vulnerabilities

CVE-2012-6038

admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."

CVSS Score

6.5

EPSS Score

0.045

Published

2012-11-26

CVE-2012-1900

Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.

CVSS Score

6.8

EPSS Score

0.004

Published

2012-10-22

CVE-2010-5051

Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.

CVSS Score

4.3

EPSS Score

0.003

Published

2011-11-23

Page 1

Vulnerabilities

Vulnerable Software

Razorcms: >> Razorcms >> 1.0 Security Vulnerabilities

Products

Pricing

Contact Us