CVEs (10)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Toenda Software Development 1Toendacms Apr 23, 2026 Apr 13, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. |
1Toenda Software Development 1Toendacms Apr 16, 2026 Aug 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php....Show more |
1Toenda Software Development 1Toendacms Apr 16, 2026 Aug 7, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
2Geeklog Toenda Software Development2Geeklog ToendacmsApr 16, 2026 Jul 6, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and...Show more |
1Toenda Software Development 1Toendacms Apr 16, 2026 Jun 3, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is u...Show more |
1Toenda Software Development 1Toendacms Apr 16, 2026 Dec 20, 2005 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direc...Show more |
1Toenda Software Development 1Toendacms Apr 16, 2026 Dec 20, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
1Toenda Software Development 1Toendacms Apr 16, 2026 Dec 16, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
1Toenda Software Development 1Toendacms Apr 16, 2026 Nov 16, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file. |
1Toenda Software Development 1Toendacms Apr 16, 2026 Nov 16, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter. |