| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-2618 | 5.1 |
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version availa
|
16-10-2018 - 16:44 | 11-05-2007 - 16:19 | |
| CVE-2007-1850 | 5.0 |
Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: D
|
16-10-2018 - 16:40 | 03-04-2007 - 16:19 | |
| CVE-2006-5767 | 6.8 |
PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.
|
19-10-2017 - 01:29 | 06-11-2006 - 23:07 | |
| CVE-2007-1849 | 7.5 |
Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party informa
|
29-07-2017 - 01:31 | 03-04-2007 - 16:19 |