CVE-2013-10055
- EPSS 73.48%
- Veröffentlicht 01.08.2025 20:39:41
- Zuletzt bearbeitet 04.08.2025 15:15:30
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote ...
CVE-2012-5919
- EPSS 11.02%
- Veröffentlicht 19.11.2012 12:10:55
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hav...
CVE-2012-5893
- EPSS 2.22%
- Veröffentlicht 17.11.2012 21:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading a file with a .php;.gif extension, then accessing it via a direct request to the file in tmp/fi...
CVE-2012-5894
- EPSS 1.65%
- Veröffentlicht 17.11.2012 21:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
- EPSS 0.26%
- Veröffentlicht 17.11.2012 21:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.