Aggregates CVE and security vulnerability intelligence across all cwm-design-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling and vendor risk sql injection, with potential vendor impact file overwrite across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-6766 | Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information. | [email protected] | 7.5 | 0.41% | 2006-12-27 | 2026-04-23 |
| CVE-2006-6757 | Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter. | [email protected] | 7.8 | 5.64% | 2006-12-27 | 2026-04-23 |
| CVE-2006-6738 | PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | [email protected] | 6.8 | 2.83% | 2006-12-26 | 2026-04-23 |
| CVE-2006-6732 | PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter. | [email protected] | 6.8 | 5.29% | 2006-12-26 | 2026-04-23 |