92 matches found
PT-2025-37258
Name of the Vulnerable Software and Affected Versions: InstantCMS versions through 2.17.3. Description: InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability exists that allows authenticated remote attackers to make arbitrary...
InstantCMS Code Issue Vulnerability
InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...
CVE-2013-10051
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitization. A remote...
CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitization. A remote...
CVE-2013-10051
InstantCMS
PT-2025-31688 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 1.7. Description: A remote PHP code execution issue exists due to the unsafe use of the eval function within the search view handler. User-supplied input via the look parameter is concatenated into a PHP expression...
InstantCMS Security Vulnerability
InstantCMS is a free open source CMS from instantSoft Open Source. A security vulnerability exists in InstantCMS 1.6 and earlier versions, which stems from improper use of the eval function and could lead to remote code execution...
CVE-2024-31213
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...
CVE-2024-50348
InstantCMS is a free and open source content management system. In the photo upload function on the photo album page, no input validation takes place. As a result, attackers are able to inject and execute a Cross-Site Scripting (XSS) payload. This vulnerability is fixed in 2.16.3...
CVE-2024-31212
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in indexchartdata action, which receive...
InstantCMS Cross-Site Scripting Vulnerability
InstantCMS is a free and open source CMS. A cross-site scripting vulnerability exists in InstantCMS before version 2.16.3, which stems from the lack of effective filtering and escaping of user-supplied data in the photo upload function of the album page, and can be exploited by an attacker to...
CVE-2024-50348 InstantCMS has a Cross Site Scripting Vulnerability
InstantCMS is a free and open source content management system. In the photo upload function on the photo album page, no input validation takes place. As a result, attackers are able to inject and execute a Cross-Site Scripting (XSS) payload. This vulnerability is fixed in 2.16.3...
CVE-2024-50348
CVE-2024-50348 affects InstantCMS. The vulnerability is a Cross-Site Scripting (XSS) flaw in the photo upload function of the photo album page caused by insufficient input validation. This impacts versions prior to 2.16.3 and can enable an attacker to inject and execute script or HTML via crafted...
PT-2024-34158 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 2.16.3. Description: The issue is related to a lack of input validation in the photo upload function on the photo album page, allowing attackers to inject and execute Cross-Site Scripting (XSS) payloads...
InstantCMS Cross-Site Scripting Vulnerability
InstantCMS is a free and open source CMS. A cross-site scripting vulnerability exists in InstantCMS before version 2.16.3, which stems from the lack of effective filtering and escaping of user-supplied data in the photo upload function of the album page, and can be exploited by an attacker to...