15 matches found
Cross-site Scripting (XSS)
Overview: anchorcms/anchor-cms is a lightweight blog CMS for PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the "page description" field in the page creation interface /admin/pages/add. An attacker can execute arbitrary JavaScript code by injecting...
Cross-Site Request Forgery (CSRF)
anchorcms/anchor-cms is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper request validation, which allows an attacker to forge requests and execute unauthorized actions on behalf of authenticated users...
Cross-Site Scripting (XSS)
anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the posts column in 'posts.php', allowing an attacker to upload a title and content containing malicious code to obtain the admin cookie and gain admin access...
Exploit for Cross-Site Request Forgery (CSRF) in Anchorcms Anchor_Cms
CVE-2020-23342 Note: When pulling this...
Cross-Site Scripting (XSS)
anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS). A user with the privilege to log in as administrator can post arbitrary script via the post creation feature, which will execute in a user's browser when visited...
AnchorCMS 0.12.3a - Information Disclosure
AnchorCMS 0.12.3a - Information Disclosure Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...
AnchorCMS < 0.12.3a - Information Disclosure Exploit
Exploit for multiple platform in category web applications Exploit Title: Information disclosure MySQL password in error log Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...
AnchorCMS < 0.12.3a - Information Disclosure
Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version: 0.12.3a Tested on: Linux CVE : CVE-2018-725...
Cross-Site Scripting (XSS)
anchorcms/anchor-cms is susceptible to cross-site scripting (XSS) attacks. The attacks are possible because it does not sanitize the raw current URL before returning it from the currenturl function...
Cross-Site Scripting (XSS)
anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because the comment output from commenttext is not properly filtered and encoded, allowing a malicious user to inject and execute arbitrary web script through it...
Stored Cross-Site Scripting (XSS)
anchorcms/anchor-cms is susceptible to a stored cross-site scripting (XSS) vulnerability. The vulnerability exists because user input to fields in the admin panel is not properly escaped. Note: the fix introduced cannot prevent DOM-based XSS...
Cross-Site Scripting (XSS)
anchorcms/anchor-cms is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because 404 errors and uncaught exception errors are not properly filtered and encoded, allowing a malicious user to inject and execute arbitrary web script through a URI...
Header Injection
anchorcms/anchor-cms is vulnerable to header injection attacks. Using CRLF, attackers can inject headers into anchors/models/comment.php...
AnchorCMS PHP Object Injection and Weak PRNG Generation Vulnerabilities
AnchorCMS is an open source lightweight blogging system. The AnchorCMS remote PHP object injection and weak PRNG generator vulnerabilities allow attackers to submit specially crafted serialized objects or use a brute-force attack to inject arbitrary objects and execute arbitrary PHP code...
Anchor CMS 0.9.1 - Persistent Cross-Site Scripting
Exploit Title: AnchorCMS Stored XSS exploit v0.9.1 Exploit Author: DURAKIBOX / dn5 Website: halisduraki.com Date: 18.7.2013. CMS uri: http://anchorcms.com/ Version: AnchorCMS File: article.php file shows article/post page with text written by owners. If owner enable...