CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Contenido: >> Contendio >> 4.5.6_beta Security Vulnerabilities

CVE-2006-5381

Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.

CVSS Score

5.0

EPSS Score

0.003

Published

2006-10-18

CVE-2005-4132

Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. NOTE: it is likely that this is a PHP remote file include vulnerability.

CVSS Score

7.5

EPSS Score

0.006

Published

2005-12-09

Page 1

Vulnerabilities

Vulnerable Software

Contenido: >> Contendio >> 4.5.6_beta Security Vulnerabilities

Products

Pricing

Contact Us