Cms System Security Vulnerabilities
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an...
4.8CVSS
4.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to...
6.1CVSS
5.9AI Score
0.003EPSS
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system...
5.4CVSS
5.2AI Score
0.001EPSS
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. NOTE: the ven...
7.2CVSS
7.3AI Score
0.004EPSS
7.5CVSS
8AI Score
0.002EPSS
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL...
7.5CVSS
7.3AI Score
0.003EPSS
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the....
9.1CVSS
9.3AI Score
0.003EPSS
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a...
7.9AI Score
0.006EPSS
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid...
8.6AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password...
6AI Score
0.003EPSS
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted....
7.6AI Score
0.041EPSS
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php...
5.8AI Score
0.003EPSS
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained...
8.6AI Score
0.001EPSS
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code.....
7.9AI Score
0.008EPSS
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id...
8.5AI Score
0.002EPSS
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.4AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider...
8.5AI Score
0.003EPSS
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4)...
7.7AI Score
0.376EPSS
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id...
8.4AI Score
0.008EPSS
SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass...
8.8AI Score
0.003EPSS
Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified...
8.9AI Score
0.006EPSS
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path...
7.9AI Score
0.051EPSS
Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4)...
7.6AI Score
0.303EPSS
PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root]...
7.9AI Score
0.053EPSS
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the...
7.8AI Score
0.012EPSS
PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle]...
7.9AI Score
0.022EPSS
Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and...
8.4AI Score
0.007EPSS
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as...
8.3AI Score
0.007EPSS
membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x...
6.8AI Score
0.017EPSS
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid...
8.4AI Score
0.022EPSS
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5)...
7.4AI Score
0.014EPSS