Lovecms

lovecms

8 CVEs • 2 products

Products (2)

Click to collapse

Toggle

The Simple Forum

the_simple_forum

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-7062 1Lovecms 1Lovecms Apr 23, 2026 Aug 25, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then ac...Show more Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.Show less
CVE-2008-5794 1Lovecms 1Lovecms Apr 23, 2026 Dec 31, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
CVE-2008-5308 1Lovecms 1The Simple Forum Apr 23, 2026 Dec 2, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simple...Show more The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.Show less
CVE-2008-3509 1Lovecms 1Lovecms Apr 23, 2026 Aug 7, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP c...Show more LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors.Show less
CVE-2007-1151 1Lovecms 1Lovecms Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
CVE-2007-1150 1Lovecms 1Lovecms Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 3.6 LOW· v2 Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.
CVE-2007-1149 1Lovecms 1Lovecms Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
CVE-2007-1148 1Lovecms 1Lovecms Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.