This page lists publicly disclosed CVE vulnerabilities affecting diskos diskos_cms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-4799 | Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | [email protected] | 5.0 | 2.59% | 2010-04-22 | 2026-04-29 |
| CVE-2009-4798 | Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature. | [email protected] | 7.5 | 1.00% | 2010-04-22 | 2026-04-29 |