CVEDB API

Vulnerabilities

Vulnerable Software

Tomatocms: >> Tomatocms >> 2.0.4 Security Vulnerabilities

CVE-2010-1514

Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory.

CVSS Score

6.0

EPSS Score

0.005

Published

2010-06-15

CVE-2010-1515

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO.

CVSS Score

2.6

EPSS Score

0.003

Published

2010-06-15

Page 1

Vulnerabilities

Vulnerable Software

Tomatocms: >> Tomatocms >> 2.0.4 Security Vulnerabilities

Products

Pricing

Contact Us