Exv2 Content Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Exv2 Content Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2006-7079 — CVSS 9.8 (critical): Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program…
CVE-2007-1966 — CVSS 9.1 (critical): Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID…
CVE-2006-5030 — CVSS 7.5 (high): SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute…
CVE-2006-7080 — CVSS 4.3 (medium): Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary…
CVE-2007-1965 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script…
CVE-2007-4365 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a…