Lucene search
+L

8 matches found

osv
osv
added 2025/12/10 9:12 p.m.9 views

CVE-2024-58279 appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...

8.6CVSS6.6AI score0.00835EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/09/06 11:25 a.m.6 views

CVE-2025-41032

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...

9.8CVSS7.9AI score0.00353EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/06 11:25 a.m.8 views

CVE-2025-41059

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tablesorter...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
osv
osv
added 2025/09/04 11:15 a.m.4 views

CVE-2025-41034

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...

9.8CVSS5.7AI score0.00353EPSS
Exploits0References1
nvd
nvd
added 2025/09/04 11:15 a.m.12 views

CVE-2025-41033

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

9.8CVSS0.00353EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/09/04 12:0 a.m.7 views

PT-2025-35903

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection flaw exists in appRain CMF version 4.0.5. This flaw allows an attacker to retrieve, create, update, and delete the database through the data%5BAdmin%5D%5Busername%5D parameter in the...

9.8CVSS7.3AI score0.00353EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/09/04 12:0 a.m.6 views

PT-2025-35934

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A reflected cross-site scripting XSS issue exists in appRain CMF version 4.0.5. The issue is due to insufficient validation of user-supplied input. The vulnerability is triggered through the s parameter ...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References4
packetstorm
packetstorm
added 2024/06/03 12:0 a.m.290 views

appRain CMF 4.0.5 Shell Upload

Exploit Title: appRain CMF 4.0.5 - Remote Code Execution RCE Authenticated Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.apprain.org Software Link: https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip Version: latest Tested on: MacOS import requests...

7.4AI score
Exploits0
Rows per page
Query Builder