Lucene search
K

274 matches found

Vulnrichment
Vulnrichment
added 2025/09/14 8:2 a.m.4 views

CVE-2025-10395 Magicblack MacCMS Scheduled Task col_url server-side request forgery

A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function colurl of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely...

5.8CVSS6.6AI score0.00318EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/14 8:2 a.m.8 views

CVE-2025-10395 Magicblack MacCMS Scheduled Task col_url server-side request forgery

A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function colurl of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely...

5.8CVSS0.00318EPSS
Exploits0References4
CVE
CVE
added 2025/09/14 8:2 a.m.16 views

CVE-2025-10395

The CVE-2025-10395 entry concerns Magicblack MacCMS (version 2025.1000.4050) where the col_url function in the Scheduled Task Handler is vulnerable. The root cause is improper manipulation of the cjurl parameter, enabling server-side request forgery. This can be triggered remotely and could impac...

7.2CVSS5.1AI score0.00318EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.6 views

PT-2025-37406

Name of the Vulnerable Software and Affected Versions: Magicblack MacCMS version 2025.1000.4050 Description: A server-side request forgery issue exists in the col url function of the Scheduled Task Handler component. Manipulation of the cjurl argument can trigger the issue, allowing for remote...

5.8CVSS4.8AI score0.00318EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.8 views

PT-2025-37408

Name of the Vulnerable Software and Affected Versions: Magicblack MacCMS version 2025.1000.4050 Description: A vulnerability exists in Magicblack MacCMS 2025.1000.4050, specifically within the API Handler component. Manipulation of the cjurl argument can lead to server-side request forgery SSRF...

5.8CVSS4.6AI score0.00318EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/09/11 3:19 a.m.18 views

CVE-2025-10122

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

5.8CVSS5AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 3:15 a.m.6 views

CVE-2025-10122

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

7.2CVSS0.003EPSS
Exploits0References4
OSV
OSV
added 2025/09/09 3:15 a.m.7 views

CVE-2025-10122

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

7.2CVSS5.7AI score0.003EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/09 2:32 a.m.13 views

CVE-2025-10122 Maccms10 Database.php rep sql injection

A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...

5.8CVSS0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36564

Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...

5.8CVSS5.3AI score0.003EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.6 views

maccms10 SQL注入漏洞

maccms10 is magicblack open source PHP+MYSQL environment to run a set of perfect and powerful rapid site-building system. maccms10 2025.1000.4050 version of the SQL injection vulnerabilities exist in the file application/admin/controller/Database. maccms10 2025.1000.4050 version of the SQL...

7.2CVSS5.8AI score0.003EPSS
Exploits0References4
OSV
OSV
added 2025/05/29 4:15 p.m.1 views

CVE-2025-45474

maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery SSRF in Email Settings...

7.3CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2025/05/29 12:0 a.m.5 views

maccms10 安全漏洞

maccms10 is magicblack open source a set of PHP + MYSQL environment running under the perfect and powerful rapid website building system. A security vulnerability exists in maccms10 version v2025.1000.4047, which originates from a server-side request forgery in email settings...

7.3CVSS6.8AI score0.00319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.11 views

CVE-2024-32391

Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload...

7.3CVSS7.3AI score0.0092EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:39 p.m.10 views

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

6.1CVSS6.4AI score0.00547EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:37 p.m.13 views

CVE-2022-27884

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/plog/index.html via the wd parameter...

6.1CVSS6.1AI score0.00547EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 p.m.9 views

CVE-2021-43707

Cross Site Scripting XSS vulnerability exists in Maccms v10 via linkName parameter...

6.1CVSS6AI score0.00631EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.8 views

CVE-2020-21386

A Cross-Site Request Forgery CSRF in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges...

8.8CVSS7.3AI score0.00422EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.7 views

CVE-2020-21082

A cross-site scripting XSS vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names...

6.1CVSS5.7AI score0.00662EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:47 p.m.12 views

CVE-2020-21387

A cross-site scripting XSS vulnerability in the parameter typeen of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload...

6.1CVSS5.8AI score0.00555EPSS
Exploits1
Rows per page
Query Builder