Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown
CVE-2009-2960
Disclosure Date: August 25, 2009 (last updated October 04, 2023)
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
0
Attacker Value
Unknown
CVE-2008-1493
Disclosure Date: March 25, 2008 (last updated October 04, 2023)
Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
0
