aspcms vulnerabilities and exploits

4
CVSSv2
CVE-2017-14653

member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter....

7.5
CVSSv2
CVE-2018-15888

An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly....