chicomas

Vendor: chicomas

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 3
Total RCEs (Remote Access): 1
Total CVEs (Total Indexed): 1
Avg. EPSS (Exploit Prob.): 4.89%
Latest CVE: CVE-2008-5853 (Jan 06)

Security Vulnerability Index

5.0 CVSS
CVE-2008-5853
Exploit Found

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.

EPSS: 6.18%
4.3 CVSS
CVE-2008-2186
Exploit Found

Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

EPSS: 12.79%
7.5 CVSS

Directory traversal vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the operation parameter to the default URI under install/.

EPSS: 0.17%
7.5 CVSS
CVE-2008-2016
RCE Exploit Found

PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.

EPSS: 0.40%