Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities by sinecms

    CVE-2008-7163 (GCVE-0-2008-7163)

    Vulnerability from nvd – Published: 2009-09-04 10:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27156 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/4854 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/40084 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28305 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27156",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27156"
              },
              {
                "name": "4854",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4854"
              },
              {
                "name": "40084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40084"
              },
              {
                "name": "sinecms-index-file-include(39446)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
              },
              {
                "name": "28305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28305"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27156",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27156"
            },
            {
              "name": "4854",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4854"
            },
            {
              "name": "40084",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40084"
            },
            {
              "name": "sinecms-index-file-include(39446)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
            },
            {
              "name": "28305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28305"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7163",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27156",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27156"
                },
                {
                  "name": "4854",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4854"
                },
                {
                  "name": "40084",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40084"
                },
                {
                  "name": "sinecms-index-file-include(39446)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
                },
                {
                  "name": "28305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28305"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7163",
        "datePublished": "2009-09-04T10:00:00.000Z",
        "dateReserved": "2009-09-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6367 (GCVE-0-2007-6367)

    Vulnerability from nvd – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3444 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/27949 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/4693 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/484648/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/485267/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:02:36.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3444",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3444"
              },
              {
                "name": "27949",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27949"
              },
              {
                "name": "sinecms-mods-xss(38893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893"
              },
              {
                "name": "4693",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4693"
              },
              {
                "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
              },
              {
                "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3444",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3444"
            },
            {
              "name": "27949",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27949"
            },
            {
              "name": "sinecms-mods-xss(38893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893"
            },
            {
              "name": "4693",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4693"
            },
            {
              "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
            },
            {
              "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6367",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3444",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3444"
                },
                {
                  "name": "27949",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27949"
                },
                {
                  "name": "sinecms-mods-xss(38893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893"
                },
                {
                  "name": "4693",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4693"
                },
                {
                  "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
                },
                {
                  "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6367",
        "datePublished": "2007-12-15T01:00:00.000Z",
        "dateReserved": "2007-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:02:36.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6366 (GCVE-0-2007-6366)

    Vulnerability from nvd – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3444 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/27949 third-party-advisoryx_refsource_SECUNIA
    https://www.exploit-db.com/exploits/4693 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/484648/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/485267/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:02:36.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3444",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3444"
              },
              {
                "name": "27949",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27949"
              },
              {
                "name": "4693",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4693"
              },
              {
                "name": "sinecms-mods-sql-injection(38895)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
              },
              {
                "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
              },
              {
                "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3444",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3444"
            },
            {
              "name": "27949",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27949"
            },
            {
              "name": "4693",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4693"
            },
            {
              "name": "sinecms-mods-sql-injection(38895)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
            },
            {
              "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
            },
            {
              "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6366",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3444",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3444"
                },
                {
                  "name": "27949",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27949"
                },
                {
                  "name": "4693",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4693"
                },
                {
                  "name": "sinecms-mods-sql-injection(38895)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
                },
                {
                  "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
                },
                {
                  "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6366",
        "datePublished": "2007-12-15T01:00:00.000Z",
        "dateReserved": "2007-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:02:36.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2357 (GCVE-0-2007-2357)

    Vulnerability from nvd – Published: 2007-04-30 22:00 – Updated: 2024-08-07 13:33
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/34172 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25014 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23682 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/2649 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/466965/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2007/1559 vdb-entryx_refsource_VUPEN
    Date Public
    2007-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:33:28.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34172"
              },
              {
                "name": "25014",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25014"
              },
              {
                "name": "sinecms-result-xss(33919)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919"
              },
              {
                "name": "23682",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23682"
              },
              {
                "name": "2649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2649"
              },
              {
                "name": "20070426 SineCMS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/466965/100/0/threaded"
              },
              {
                "name": "ADV-2007-1559",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1559"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34172",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34172"
            },
            {
              "name": "25014",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25014"
            },
            {
              "name": "sinecms-result-xss(33919)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919"
            },
            {
              "name": "23682",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23682"
            },
            {
              "name": "2649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2649"
            },
            {
              "name": "20070426 SineCMS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/466965/100/0/threaded"
            },
            {
              "name": "ADV-2007-1559",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1559"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34172",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34172"
                },
                {
                  "name": "25014",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25014"
                },
                {
                  "name": "sinecms-result-xss(33919)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919"
                },
                {
                  "name": "23682",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23682"
                },
                {
                  "name": "2649",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2649"
                },
                {
                  "name": "20070426 SineCMS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/466965/100/0/threaded"
                },
                {
                  "name": "ADV-2007-1559",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1559"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2357",
        "datePublished": "2007-04-30T22:00:00.000Z",
        "dateReserved": "2007-04-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:33:28.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7163 (GCVE-0-2008-7163)

    Vulnerability from cvelistv5 – Published: 2009-09-04 10:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/27156 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/4854 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/40084 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/28305 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.380Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27156",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27156"
              },
              {
                "name": "4854",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4854"
              },
              {
                "name": "40084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40084"
              },
              {
                "name": "sinecms-index-file-include(39446)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
              },
              {
                "name": "28305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28305"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27156",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27156"
            },
            {
              "name": "4854",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4854"
            },
            {
              "name": "40084",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40084"
            },
            {
              "name": "sinecms-index-file-include(39446)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
            },
            {
              "name": "28305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28305"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7163",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the sine[config][index_main] parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27156",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27156"
                },
                {
                  "name": "4854",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4854"
                },
                {
                  "name": "40084",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40084"
                },
                {
                  "name": "sinecms-index-file-include(39446)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39446"
                },
                {
                  "name": "28305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28305"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7163",
        "datePublished": "2009-09-04T10:00:00.000Z",
        "dateReserved": "2009-09-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6367 (GCVE-0-2007-6367)

    Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3444 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/27949 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://www.exploit-db.com/exploits/4693 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/484648/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/485267/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:02:36.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3444",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3444"
              },
              {
                "name": "27949",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27949"
              },
              {
                "name": "sinecms-mods-xss(38893)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893"
              },
              {
                "name": "4693",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4693"
              },
              {
                "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
              },
              {
                "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3444",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3444"
            },
            {
              "name": "27949",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27949"
            },
            {
              "name": "sinecms-mods-xss(38893)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893"
            },
            {
              "name": "4693",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4693"
            },
            {
              "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
            },
            {
              "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6367",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3444",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3444"
                },
                {
                  "name": "27949",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27949"
                },
                {
                  "name": "sinecms-mods-xss(38893)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38893"
                },
                {
                  "name": "4693",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4693"
                },
                {
                  "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
                },
                {
                  "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6367",
        "datePublished": "2007-12-15T01:00:00.000Z",
        "dateReserved": "2007-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:02:36.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6366 (GCVE-0-2007-6366)

    Vulnerability from cvelistv5 – Published: 2007-12-15 01:00 – Updated: 2024-08-07 16:02
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/3444 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/27949 third-party-advisoryx_refsource_SECUNIA
    https://www.exploit-db.com/exploits/4693 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/484648/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/485267/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:02:36.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "3444",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3444"
              },
              {
                "name": "27949",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27949"
              },
              {
                "name": "4693",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4693"
              },
              {
                "name": "sinecms-mods-sql-injection(38895)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
              },
              {
                "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
              },
              {
                "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "3444",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3444"
            },
            {
              "name": "27949",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27949"
            },
            {
              "name": "4693",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4693"
            },
            {
              "name": "sinecms-mods-sql-injection(38895)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
            },
            {
              "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
            },
            {
              "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6366",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "3444",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3444"
                },
                {
                  "name": "27949",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27949"
                },
                {
                  "name": "4693",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4693"
                },
                {
                  "name": "sinecms-mods-sql-injection(38895)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38895"
                },
                {
                  "name": "20071205 SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/484648/100/0/threaded"
                },
                {
                  "name": "20071218 Re: SineCMS \u003c= 2.3.4 Calendar SQL Injection \u0027n something else..",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485267/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6366",
        "datePublished": "2007-12-15T01:00:00.000Z",
        "dateReserved": "2007-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:02:36.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2357 (GCVE-0-2007-2357)

    Vulnerability from cvelistv5 – Published: 2007-04-30 22:00 – Updated: 2024-08-07 13:33
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/34172 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/25014 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/23682 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/2649 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/466965/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2007/1559 vdb-entryx_refsource_VUPEN
    Date Public
    2007-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:33:28.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34172"
              },
              {
                "name": "25014",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25014"
              },
              {
                "name": "sinecms-result-xss(33919)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919"
              },
              {
                "name": "23682",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23682"
              },
              {
                "name": "2649",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2649"
              },
              {
                "name": "20070426 SineCMS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/466965/100/0/threaded"
              },
              {
                "name": "ADV-2007-1559",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1559"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34172",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34172"
            },
            {
              "name": "25014",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25014"
            },
            {
              "name": "sinecms-result-xss(33919)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919"
            },
            {
              "name": "23682",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23682"
            },
            {
              "name": "2649",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2649"
            },
            {
              "name": "20070426 SineCMS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/466965/100/0/threaded"
            },
            {
              "name": "ADV-2007-1559",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1559"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34172",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34172"
                },
                {
                  "name": "25014",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25014"
                },
                {
                  "name": "sinecms-result-xss(33919)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33919"
                },
                {
                  "name": "23682",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23682"
                },
                {
                  "name": "2649",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2649"
                },
                {
                  "name": "20070426 SineCMS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/466965/100/0/threaded"
                },
                {
                  "name": "ADV-2007-1559",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1559"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2357",
        "datePublished": "2007-04-30T22:00:00.000Z",
        "dateReserved": "2007-04-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:33:28.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }