14 matches found
CVE-2026-54415 Broken Access Control in Azuriom CMS Server Routes Allows Account Takeover
Missing Authorization in the server management routes routes/admin.php in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email...
CVE-2026-54415
CVE-2026-54415 is a broken access control issue in Azuriom CMS before 1.2.11. An authenticated user with the admin.access permission can abuse server-management routes to create AzLink server tokens and take over non-admin user accounts by changing passwords and emails. The vulnerability exists i...
PT-2026-50444
Name of the Vulnerable Software and Affected Versions Azuriom CMS versions prior to 1.2.11 Description Missing authorization in the server management routes allows an authenticated attacker with the admin.access permission to create AzLink server tokens. This can lead to the takeover of non-admin...
📄 Azuriom CMS 1.2.6 Client-Side Template Injection
A client-side template injection vulnerability affects the Azuriom CMS Admin Dashboard in version 1.2.6. Several dashboard components widgets, plugins, and admin panels render untrusted user input inside the administrator's browser. Low-privileged users can inject template expressions that execut...
CVE-2025-65271
Client-side template injection CSTI in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...
EUVD-2025-201795
Client-side template injection CSTI in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...
CVE-2025-65271
Client-side template injection CSTI in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...
CVE-2025-65271
Client-side template injection CSTI in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...
CVE-2025-65271
Client-side template injection CSTI in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...
PT-2025-49587
Name of the Vulnerable Software and Affected Versions Azuriom CMS versions prior to 1.2.7 Description A client-side template injection CSTI issue exists in the Azuriom CMS admin dashboard. A low-privilege user can execute arbitrary template code within the context of an administrator's session...
CVE-2025-65271
Azuriom CMS is affected by a Client-Side Template Injection (CSTI) in the Admin Dashboard. The vulnerability allows a low-privilege user to inject template code that runs in the context of an administrator’s session, via widgets, plugins, or components that render untrusted input. The issue is de...
CVE-2025-65271
Client-side template injection CSTI in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...
Azuriom 安全漏洞
Azuriom is an Azuriom open source web solution for game servers. A security vulnerability exists in Azuriom versions prior to 1.2.7 that stems from the presence of client-side template injection in the administration dashboard, which could lead to elevation of privilege...
Exploit for CVE-2025-65271
CVE-2025-65271 PoC for CVE-2025-65271 How to run? node serv...