Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pragyan_cms_project | pragyan_cms | 2.5.4 |
| pragyan_cms_project | pragyan_cms | * |
| pragyan_cms_project | pragyan_cms | 2.6.3 |
| pragyan_cms_project | pragyan_cms | 2.5.12 |
| pragyan_cms_project | pragyan_cms | 2.5.14 |
| pragyan_cms_project | pragyan_cms | 2.5.13 |
| pragyan_cms_project | pragyan_cms | 2.6.1 |
| pragyan_cms_project | pragyan_cms | 2.5.9 |
| pragyan_cms_project | pragyan_cms | 2.6.2 |
| pragyan_cms_project | pragyan_cms | 2.6.4 |
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pragyan_cms_project | pragyan_cms | 3.0 |
SQL injection vulnerability in Pragyan CMS 3.0.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pragyan_cms_project | pragyan_cms | 3.0 |
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pragyan_cms_project | pragyan_cms | 3.0 |
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pragyan_cms_project | pragyan_cms | 3.0 |