mozilo CVE Vulnerabilities & Metrics

Focus on mozilo vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About mozilo Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with mozilo. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total mozilo CVEs: 4
Earliest CVE date: 11 Aug 2008, 23:41 UTC
Latest CVE date: 10 Sep 2024, 17:15 UTC

Latest CVE reference: CVE-2024-44872

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical mozilo CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.4

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	11
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS mozilo CVEs

These are the five CVEs with the highest CVSS scores for mozilo, sorted by severity first and recency.

CVE-2009-1368 mozilo Published on 22 Apr 2009, 21:30 UTC (CVSS: 7.5)
Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.
CVE-2008-6128 mozilo Published on 13 Feb 2009, 18:30 UTC (CVSS: 6.8)
Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2022-23357 mozilo Published on 03 Feb 2022, 03:15 UTC (CVSS: 6.4)
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.
CVE-2008-6131 mozilo Published on 13 Feb 2009, 18:30 UTC (CVSS: 6.0)
Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
CVE-2009-1369 mozilo Published on 22 Apr 2009, 21:30 UTC (CVSS: 5.0)
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.

All CVEs for mozilo

CVE-2024-44872 mozilo vulnerability CVSS: 0 10 Sep 2024, 17:15 UTC

A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

CVE-2024-44871 mozilo vulnerability CVSS: 0 10 Sep 2024, 17:15 UTC

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.

CVE-2022-23357 mozilo vulnerability CVSS: 6.4 03 Feb 2022, 03:15 UTC

mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.

CVE-2020-25394 mozilo vulnerability CVSS: 3.5 09 Jul 2021, 22:15 UTC

A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter.

CVE-2009-4209 mozilo vulnerability CVSS: 4.3 04 Dec 2009, 19:30 UTC

Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367.

CVE-2009-1369 mozilo vulnerability CVSS: 5.0 22 Apr 2009, 21:30 UTC

moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.

CVE-2009-1368 mozilo vulnerability CVSS: 7.5 22 Apr 2009, 21:30 UTC

Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3.

CVE-2009-1367 mozilo vulnerability CVSS: 4.3 22 Apr 2009, 21:30 UTC

Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.

CVE-2008-6131 mozilo vulnerability CVSS: 6.0 13 Feb 2009, 18:30 UTC

Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CVE-2008-6130 mozilo vulnerability CVSS: 4.3 13 Feb 2009, 18:30 UTC

Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.

CVE-2008-6129 mozilo vulnerability CVSS: 4.3 13 Feb 2009, 18:30 UTC

Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.

CVE-2008-6128 mozilo vulnerability CVSS: 6.8 13 Feb 2009, 18:30 UTC

Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CVE-2008-6127 mozilo vulnerability CVSS: 4.3 13 Feb 2009, 18:30 UTC

Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.

CVE-2008-6126 mozilo vulnerability CVSS: 5.0 13 Feb 2009, 18:30 UTC

Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589.

CVE-2008-3589 mozilo vulnerability CVSS: 4.3 11 Aug 2008, 23:41 UTC

Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.