Toenda Software Development Toendacms — known CVE vulnerabilities
Every CVE whose affected-product data names Toenda Software Development Toendacms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2006-4349 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in…
CVE-2005-4353 — CVSS 7.5 (high): SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute…
CVE-2006-2799 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts…
CVE-2005-4422 — CVSS 6.5 (medium): Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary…
CVE-2006-3362 — CVSS 5.1 (medium): Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0…
CVE-2005-3550 — CVSS 5.0 (medium): Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot…
CVE-2005-3551 — CVSS 5.0 (medium): toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive…
CVE-2006-4016 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote…
CVE-2005-4277 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script…
CVE-2007-1872 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the…