Content Management System Security Vulnerabilities

CVE-2006-5030

SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.

8.3 AI Score

0.002 EPSS

2006-09-27 11:07 PM
42

CVE-2006-6110

Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp.

9 AI Score

0.002 EPSS

2006-11-26 10:07 PM
25

CVE-2006-7079

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.

9.8 CVSS

8 AI Score

0.036 EPSS

2007-03-02 09:18 PM
26

CVE-2006-7080

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

7.2 AI Score

0.004 EPSS

2007-03-02 09:18 PM
20

CVE-2007-1907

PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

7.5 AI Score

0.066 EPSS

2007-04-10 11:19 PM
18

CVE-2007-1949

Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

6.6 AI Score

0.01 EPSS

2007-04-11 01:19 AM
27

CVE-2007-1950

Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.

5.7 AI Score

0.003 EPSS

2007-04-11 01:19 AM
21

CVE-2007-1965

Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.

5.6 AI Score

0.002 EPSS

2022-10-03 04:14 PM
22

CVE-2007-1966

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

6.7 AI Score

0.002 EPSS

2022-10-03 04:14 PM
21

CVE-2007-4365

Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965.

5.7 AI Score

0.007 EPSS

2007-08-15 07:17 PM
21

CVE-2008-2217

Directory traversal vulnerability in cm/graphie.php in Content Management System 0.6.1 for Phprojekt allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cm_imgpath parameter.

7.2 AI Score

0.008 EPSS

2008-05-14 06:20 PM
20

CVE-2008-3154

SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.

8.4 AI Score

0.001 EPSS

2008-07-11 10:41 PM
21

CVE-2021-25197

Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php.

6.1 CVSS

6 AI Score

0.001 EPSS

2021-07-22 06:15 PM
15

CVE-2022-26565

A cross-site scripting (XSS) vulnerability in Totaljs, all versions before commit 95f54a5, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page.

4.8 CVSS

4.9 AI Score

0.001 EPSS

2022-04-01 10:15 PM
56

CVE-2022-47740

Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php.

9.8 CVSS

9.7 AI Score

0.002 EPSS

2023-01-19 06:15 PM
23

CVE-2023-31816

IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php.

6.1 CVSS

6.1 AI Score

0.001 EPSS

2023-05-22 09:15 PM
23

CVE-2023-48985

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component.

6.1 CVSS

6.2 AI Score

0.0005 EPSS

2024-02-14 09:15 AM
56

CVE-2023-48986

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component.

6.1 CVSS

6.2 AI Score

0.0005 EPSS

2024-02-14 09:15 AM
44

CVE-2023-48987

Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component.

7.5 CVSS

8 AI Score

0.001 EPSS

2024-02-14 09:15 AM
42