tw8

3 exploits Active since Jun 2008
CVE-2008-2534 EXPLOITDB text WRITEUP
Phoenix View CMS Pre Alpha2 and earlier - Path Traversal via ltarget Parameter
Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter.
CVE-2008-2533 EXPLOITDB text WRITEUP
Phoenix View CMS Pre Alpha2 and earlier - Cross-Site Scripting via ltarget and conf Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/.
CVE-2008-2535 EXPLOITDB text WRITEUP
Phoenix View CMS Pre Alpha2 and earlier - SQL Injection via del Parameter
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/.