27 matches found
CVE-2026-30994
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
EUVD-2026-22987
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...
EUVD-2026-22989
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
EUVD-2026-22985
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
CVE-2026-30994
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
CVE-2026-30994
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
Slah CMS 安全漏洞
Slah CMS is a content management system developed by the Brazilian company Slah. Versions of Slah CMS prior to 1.5.0 contain security vulnerabilities. These vulnerabilities stem from defects in the session function located in the config.php file, which may lead to remote code execution...
CVE-2026-30995
Slah CMS
CVE-2026-30993
Slah CMS
CVE-2026-30994
CVE-2026-30994 affects Slah CMS. Affected component: the config.php module in Slah versions v1.5.0 and below . The issue is described as incorrect access control, allowing an unauthenticated attacker to access sensitive information, including active session credentials. Across multiple connected ...
PT-2026-33101
CVE-2026-30995 Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador ver.php endpoint. https://t.co/FW642LmQMP...
CVE-2026-30994
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...