Filtered by vendor Flyspeck Subscriptions
Filtered by product Flyspeck Cms Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-1771 1 Flyspeck 1 Flyspeck Cms 2024-11-21 N/A
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
CVE-2009-1770 1 Flyspeck 1 Flyspeck Cms 2024-11-21 N/A
Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.