10 matches found

CVE
• added 2026/06/17 2:4 p.m. • 11 views

CVE-2026-54415

CVE-2026-54415 is a broken access control issue in Azuriom CMS before 1.2.11. An authenticated user with the admin.access permission can abuse server-management routes to create AzLink server tokens and take over non-admin user accounts by changing passwords and emails. The vulnerability exists i...

8.6 CVSS, 5.3 AI score, 0.00348 EPSS
Exploits: 0, References: 3
Cvelist
• added 2026/06/17 2:4 p.m. • 26 views

CVE-2026-54415 Broken Access Control in Azuriom CMS Server Routes Allows Account Takeover

Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email...

8.6 CVSS, 0.00348 EPSS
Exploits: 0, References: 3
Positive Technologies
• added 2026/06/17 12:0 a.m. • 14 views

PT-2026-50444

Name of the Vulnerable Software and Affected Versions: Azuriom CMS versions prior to 1.2.11. Description: Missing authorization in the server management routes allows an authenticated attacker with the admin.access permission to create AzLink server tokens. This can lead to the takeover of non-admin...

8.6 CVSS, 5.2 AI score, 0.00348 EPSS
Exploits: 0, References: 5
Packet Storm
• added 2025/12/12 12:0 a.m. • 179 views

Azuriom CMS 1.2.6 Client-Side Template Injection

A client-side template injection vulnerability affects the Azuriom CMS Admin Dashboard in version 1.2.6. Several dashboard components (widgets, plugins, and admin panels) render untrusted user input inside the administrator's browser. Low-privileged users can inject template expressions that execut...

8.8 CVSS, 7.5 AI score, 0.00359 EPSS
Exploits: 2
EUVD
• added 2025/12/08 9:30 p.m. • 3 views

EUVD-2025-201795

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...

7.5 AI score, 0.00359 EPSS
Exploits: 2, References: 6
OSV
• added 2025/12/08 7:15 p.m. • 3 views

CVE-2025-65271

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...

8.8 CVSS, 8 AI score, 0.00359 EPSS
Exploits: 2, References: 5
Vulnrichment
• added 2025/12/08 12:0 a.m. • 1 views

CVE-2025-65271

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege...

7.6 AI score, 0.00359 EPSS
Exploits: 2, References: 5
CVE
• added 2025/12/08 12:0 a.m. • 20 views

CVE-2025-65271

Azuriom CMS is affected by a Client-Side Template Injection (CSTI) in the Admin Dashboard. The vulnerability allows a low-privilege user to inject template code that runs in the context of an administrator's session, via widgets, plugins, or components that render untrusted input. The issue is de...

8.8 CVSS, 7.6 AI score, 0.00359 EPSS
Exploits: 2, References: 5, Affected Software: 1
Positive Technologies
• added 2025/12/08 12:0 a.m. • 4 views

PT-2025-49587

Name of the Vulnerable Software and Affected Versions: Azuriom CMS versions prior to 1.2.7. Description: A client-side template injection (CSTI) issue exists in the Azuriom CMS admin dashboard. A low-privilege user can execute arbitrary template code within the context of an administrator's session...

8.8 CVSS, 7.5 AI score, 0.00359 EPSS
Exploits: 2, References: 7
GithubExploit
• added 2025/12/07 11:50 a.m. • 220 views

Exploit for CVE-2025-65271

CVE-2025-65271 PoC for CVE-2025-65271 How to run? node serv...

8.1 AI score, 0.00359 EPSS
Exploits: 2