Search Results | AttackerKB

Show filters

Topics 3 Users 9,733

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2011-3202

Disclosure Date: January 14, 2020 (last updated February 21, 2025)

A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2011-3203

Disclosure Date: January 14, 2020 (last updated February 21, 2025)

A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2011-3746

Disclosure Date: September 23, 2011 (last updated October 04, 2023)

Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files.

0