digitalhive 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-2415 | Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | [email protected] | 6.8 | 1.90% | 2008-05-22 | 2026-04-23 |
| CVE-2008-0290 | Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. | [email protected] | 7.5 | 0.96% | 2008-01-16 | 2026-04-23 |
| CVE-2006-5493 | PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | [email protected] | 7.5 | 3.24% | 2006-10-25 | 2026-04-23 |
| CVE-2005-0884 | DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script. | [email protected] | 7.5 | 1.32% | 2005-05-02 | 2026-04-16 |
| CVE-2005-0883 | Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page. | [email protected] | 4.3 | 1.78% | 2005-03-23 | 2026-04-16 |