Campware.orgCVEs & Vulnerabilities

8 CVEs affecting Campware.org products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

campsite 33
CVE-2010-1867HIGH

SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

8 May 2010
7.5
CVSS
CVE-2009-2183HIGHpoc

Directory traversal vulnerability in admin-files/ad.php in Campsite 3.3.0 RC1 allows remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the GLOBALS[g_campsiteDir] parameter.

24 Jun 2009
7.5
CVSS
CVE-2009-2182MEDIUMpoc

Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/.

24 Jun 2009
6.8
CVSS
CVE-2009-2181MEDIUMpoc

Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.

24 Jun 2009
4.3
CVSS
CVE-2006-5912CRITICAL

Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.

15 Nov 2006
10.0
CVSS
CVE-2006-5911HIGHpoc

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.

15 Nov 2006
7.5
CVSS
CVE-2006-5910HIGHpoc

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/.

15 Nov 2006
7.5
CVSS
CVE-2005-4661MEDIUM

The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.

31 Dec 2005
5.0
CVSS
← PrevPage 1 / 1Next →