CVE-2009-1368 — CVSS 7.5 (high): Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the…
CVE-2024-44871 — CVSS 7.2 (high): An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via…
CVE-2008-6128 — CVSS 6.8 (medium): Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID…
CVE-2024-29368 — CVSS 6.5 (medium): An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via…
CVE-2024-44872 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a…
CVE-2024-2245 — CVSS 5.4 (medium): Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload…
CVE-2020-25394 — CVSS 5.4 (medium): A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML…
CVE-2009-1369 — CVSS 5.0 (medium): moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[]…
CVE-2008-6126 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot…
CVE-2009-4209 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web…
CVE-2008-6127 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script…
CVE-2009-1367 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2008-3589 — CVSS 4.3 (medium): Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read…