An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on...
CVSS: 7.5; AI Score: 7.2; EPSS: 0.006
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and...
CVSS: 6.5; AI Score: 7.2; EPSS: 0.001
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id...
CVSS: 9.8; AI Score: 7.9; EPSS: 0.002
An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php...
CVSS: 7.5; AI Score: 7.4; EPSS: 0.001
Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail...
AI Score: 6.3; EPSS: 0.002
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than...
AI Score: 8.7; EPSS: 0.002
index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the...
AI Score: 6.9; EPSS: 0.004
SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id...
AI Score: 8.7; EPSS: 0.013