Bitweaver

30 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 8.94%
  • Published 13.01.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title fi...

Exploit
  • EPSS 6.54%
  • Published 13.01.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. ...

Exploit
  • EPSS 1.05%
  • Published 13.01.2007 02:28:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

Exploit
  • EPSS 2.91%
  • Published 21.06.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter ...

Exploit
  • EPSS 5.07%
  • Published 21.06.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message.

Exploit
  • EPSS 2.97%
  • Published 21.06.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.

Exploit
  • EPSS 7.8%
  • Published 21.06.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period...

Exploit
  • EPSS 0.4%
  • Published 12.04.2006 22:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from ...

Exploit
  • EPSS 0.51%
  • Published 10.03.2006 02:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.

  • EPSS 1.22%
  • Published 20.12.2005 02:03:00
  • Last modified 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the...