274 matches found
CVE-2025-10395 Magicblack MacCMS Scheduled Task col_url server-side request forgery
A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function colurl of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-10395 Magicblack MacCMS Scheduled Task col_url server-side request forgery
A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function colurl of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely...
CVE-2025-10395
The CVE-2025-10395 entry concerns Magicblack MacCMS (version 2025.1000.4050) where the col_url function in the Scheduled Task Handler is vulnerable. The root cause is improper manipulation of the cjurl parameter, enabling server-side request forgery. This can be triggered remotely and could impac...
PT-2025-37406
Name of the Vulnerable Software and Affected Versions: Magicblack MacCMS version 2025.1000.4050 Description: A server-side request forgery issue exists in the col url function of the Scheduled Task Handler component. Manipulation of the cjurl argument can trigger the issue, allowing for remote...
PT-2025-37408
Name of the Vulnerable Software and Affected Versions: Magicblack MacCMS version 2025.1000.4050 Description: A vulnerability exists in Magicblack MacCMS 2025.1000.4050, specifically within the API Handler component. Manipulation of the cjurl argument can lead to server-side request forgery SSRF...
CVE-2025-10122
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...
CVE-2025-10122
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...
CVE-2025-10122
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...
CVE-2025-10122 Maccms10 Database.php rep sql injection
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be use...
PT-2025-36564
Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...
maccms10 SQL注入漏洞
maccms10 is magicblack open source PHP+MYSQL environment to run a set of perfect and powerful rapid site-building system. maccms10 2025.1000.4050 version of the SQL injection vulnerabilities exist in the file application/admin/controller/Database. maccms10 2025.1000.4050 version of the SQL...
CVE-2025-45474
maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery SSRF in Email Settings...
maccms10 安全漏洞
maccms10 is magicblack open source a set of PHP + MYSQL environment running under the perfect and powerful rapid website building system. A security vulnerability exists in maccms10 version v2025.1000.4047, which originates from a server-side request forgery in email settings...
CVE-2024-32391
Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload...
CVE-2022-27885
Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...
CVE-2022-27884
Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/plog/index.html via the wd parameter...
CVE-2021-43707
Cross Site Scripting XSS vulnerability exists in Maccms v10 via linkName parameter...
CVE-2020-21386
A Cross-Site Request Forgery CSRF in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges...
CVE-2020-21082
A cross-site scripting XSS vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names...
CVE-2020-21387
A cross-site scripting XSS vulnerability in the parameter typeen of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload...