MidnightBSD

Advisories for enanocms

CVE-2010-0471 HIGH

SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
enanocms enanocms 1.0.3
enanocms enanocms 0.9.1
enanocms enanocms 1.0
enanocms enanocms 1.0.4
enanocms enanocms 0.8.2
enanocms enanocms *
enanocms enanocms 0.8.3
enanocms enanocms 1.0.1
enanocms enanocms 1.0.2
enanocms enanocms 1.0.5
enanocms enanocms 0.8.1
enanocms enanocms 0.9.3
enanocms enanocms 0.8.4
enanocms enanocms 0.9.2
enanocms enanocms 1.0.2b1
CVE-2010-4780 HIGH

SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
enanocms enano_cms 1.1.3
enanocms enano_cms 1.1.4
enanocms enano_cms 1.0.3
enanocms enano_cms 1.1.2
enanocms enano_cms 1.1.5
enanocms enano_cms 1.0.2
enanocms enano_cms 1.1.6
enanocms enano_cms 1.0.5
enanocms enano_cms 0.9.3
enanocms enano_cms 0.9.2
enanocms enano_cms 0.8.3
enanocms enano_cms 1.0
enanocms enano_cms 1.0.6
enanocms enano_cms 1.0.4
enanocms enano_cms 0.8.1
enanocms enano_cms 0.8.2
enanocms enano_cms 0.8.4
enanocms enano_cms 1.1.1
enanocms enano_cms 1.0.1
enanocms enano_cms 1.0.2b1
enanocms enano_cms 1.1.7
enanocms enano_cms *
enanocms enano_cms 0.9.1
CVE-2010-4781 MEDIUM

index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
enanocms enano_cms 1.1.3
enanocms enano_cms 1.1.4
enanocms enano_cms 1.0.3
enanocms enano_cms 1.1.2
enanocms enano_cms 1.1.5
enanocms enano_cms 1.0.2
enanocms enano_cms 1.1.6
enanocms enano_cms 1.0.5
enanocms enano_cms 0.9.3
enanocms enano_cms 0.9.2
enanocms enano_cms 0.8.3
enanocms enano_cms 1.0
enanocms enano_cms 1.0.6
enanocms enano_cms 1.0.4
enanocms enano_cms 0.8.1
enanocms enano_cms 0.8.2
enanocms enano_cms 0.8.4
enanocms enano_cms 1.1.1
enanocms enano_cms 1.0.1
enanocms enano_cms 1.0.2b1
enanocms enano_cms 1.1.7
enanocms enano_cms *
enanocms enano_cms 0.9.1