PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| glen_campbell | siteframe | 3.0.2 |
| glen_campbell | siteframe | 3.1.6 |
| glen_campbell | siteframe | 3.1.1 |
| glen_campbell | siteframe | 3.1.8_beta |
| glen_campbell | siteframe | 3.1.9 |
| glen_campbell | siteframe | 3.2_p5 |
| glen_campbell | siteframe | 3.1.2 |
| glen_campbell | siteframe | 3.1.4 |
| glen_campbell | siteframe | 3.1 |
| glen_campbell | siteframe | 3.0.1 |
PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| glen_campbell | siteframe | * |
Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| glen_campbell | siteframe | 5.0.1 |