This page lists publicly disclosed CVE vulnerabilities affecting neocrome seditio (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-5916 | Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql. | [email protected] | 5.0 | 1.30% | 2012-11-17 | 2026-06-16 |
| CVE-2012-5915 | Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message. | [email protected] | 5.0 | 1.17% | 2012-11-17 | 2026-06-16 |
| CVE-2012-5914 | Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information. | [email protected] | 2.6 | 1.32% | 2012-11-17 | 2026-06-16 |
| CVE-2009-1411 | SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php. | [email protected] | 7.5 | 2.31% | 2009-04-24 | 2026-06-16 |
| CVE-2007-6202 | SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php. | [email protected] | 6.8 | 2.22% | 2007-12-01 | 2026-06-16 |
| CVE-2007-4057 | Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png. | [email protected] | 6.5 | 2.07% | 2007-07-30 | 2026-06-16 |
| CVE-2006-6577 | SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 6.8 | 0.94% | 2006-12-15 | 2026-06-16 |
| CVE-2006-6344 | Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection. | [email protected] | 7.5 | 0.88% | 2006-12-06 | 2026-06-16 |
| CVE-2006-6343 | SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 6.8 | 1.16% | 2006-12-06 | 2026-06-16 |
| CVE-2006-6177 | SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527). | [email protected] | 7.5 | 1.62% | 2006-11-30 | 2026-06-16 |
| CVE-2006-2634 | Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. | [email protected] | 4.3 | 1.37% | 2006-05-30 | 2026-06-16 |