5 matches found
CVE-2018-15850
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user...
Code injection
Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error...
CVE-2014-8707
Summary: CVE-2014-8707 is a cross-site scripting (XSS) vulnerability in TinyMCE within Pluck CMS version 4.7.2. The flaw allows remote authenticated users to inject arbitrary script/HTML via the TinyMCE “edit HTML source” option. The connected CNVD entry for Pluck CMS confirms a TinyMCE XSS issue...
pluck CMS 4.7.2 Path Traversal
No description provided by source...
pluck CMS 4.7.2 Path Traversal Vulnerability
Exploit for php platform in category web applications
Exploit Title: pluck CMS 4.7.2 Path Traversal
Date: 21-05-2015
Software Link: http://www.pluck-cms.org/
Exploit Author: Kacper Szurek
Contact: http://twitter.com/KacperSzurek
Website: http://security.szurek.pl/
Category: webapps
1. Description...