Lucene search

Pyrocms Security Vulnerabilities

cve

CVE-2023-29689

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected...

9.8CVSS

9.9AI Score

0.006EPSS

2023-08-04 03:15 PM

cve

CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege...

9CVSS

8.6AI Score

0.001EPSS

2022-11-25 05:15 PM

cve

CVE-2022-35118

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS)...

6.1CVSS

6.1AI Score

0.001EPSS

2022-08-01 08:15 PM

cve

CVE-2020-25262

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be...

4.3CVSS

7.3AI Score

0.001EPSS

2020-10-08 01:15 PM

cve

CVE-2020-25263

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be...

7.1CVSS

7.5AI Score

0.001EPSS

2020-10-08 01:15 PM