Lucene search
K

10 matches found

OSV
OSV
added 2024/03/06 11:6 a.m.15 views

BIT-SILVERSTRIPE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5CVSS7.4AI score0.01686EPSS
Exploits0References3
NVD
NVD
added 2020/04/15 9:15 p.m.44 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5CVSS7.5AI score0.01686EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/04/15 8:18 p.m.37 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5AI score0.01686EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2018/10/29 12:0 a.m.34 views

RhinOS CMS 3.x Arbitrary File Download

Exploit Title: RhinOS CMS 3.x - Arbitrary File Download Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.saltos.org/ Software Link: https://netix.dl.sourceforge.net/project/rhinos/archived/r1190/RhinOS-en-3.0-1190.win32.exe Version: 3.1 r0 / 3.x Category: Webapp...

0.1AI score0.02627EPSS
Exploits5
CVE
CVE
added 2017/06/29 8:0 a.m.50 views

CVE-2017-10673

CVE-2017-10673 affects GetSimple CMS 3.x; the admin/profile.php name field is vulnerable to cross-site scripting (XSS). The root cause is improper handling/escaping of the name value, enabling injection of arbitrary script/HTML. Impact is limited to contexts where the vulnerable profile name is r...

6.1CVSS5.9AI score0.00651EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2010/01/04 5:30 p.m.10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the 1 categoryid parameter to forums.php, or the forumid parameter to 2 forum.php or 3 forumtopicnew.php...

4.3CVSS6.1AI score0.01846EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2010/01/04 5:0 p.m.48 views

CVE-2009-4547

CVE-2009-4547 documents multiple XSS vulnerabilities in ViArt CMS 3.x . The flaws let remote attackers inject arbitrary JavaScript/HTML via user-supplied parameters: (1) category_id to forums.php, or (2) forum_id to forum.php, or (3) forum_topic_new.php . The root cause is cross-site scripting in...

4.3CVSS5.9AI score0.01846EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2009/03/09 9:30 p.m.10 views

CVE-2009-0825

SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.2AI score0.01256EPSS
Exploits3References7
0day.today
0day.today
added 2009/02/10 12:0 a.m.15 views

Papoo CMS 3.x (pfadhier) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications =========================================================== Papoo CMS 3.x pfadhier Local File Inclusion Vulnerability =========================================================== + Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod +...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/02/10 12:0 a.m.30 views

Papoo CMS 3.x - 'pfadhier' Local File Inclusion

Papoo CMS 3.6 Local File Inclusion + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + www.hellzone.info + Script Homepage : http://www.papoo-cms.com/ + Local File Inclusion - PoC : http://127.0.0.1/path/lib/classes/messageclass.php?pfadhier=Local File%00 - Example :...

7.4AI score
Exploits0
Rows per page
Query Builder