
79 matches found

CVE
added 2026/06/05 6:20 p.m. | 22 views

CVE-2026-46392

HAX CMS (PHP, pre-26.0.0) has a case-sensitivity mismatch in HTML upload handling. The saveFile endpoint validates extensions case-insensitively but the .htaccess rule enforcing Content-Disposition: attachment for HTML is case-sensitive. As a result, an uploaded HTML file with an uppercase extens...

CVSS 8.7 | AI score 5.5 | EPSS 0.00223
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-18426

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.00572
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-19280

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00826
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-13480

Malware in sbrugna...

CVSS 4.8 | AI score 5.1 | EPSS 0.00527
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-13482

Malware in sbrugna...

CVSS 4.8 | AI score 5.1 | EPSS 0.00579
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-13479

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.0195
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 18 views

EUVD-2021-21927

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00656
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-2248

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00614
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-10598

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01135
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-2502

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.02638
Exploits 2 | References 2
NVD
added 2025/06/09 9:15 p.m. | 11 views

CVE-2025-49137

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in...

CVSS 8.5 | EPSS 0.00231
Exploits 1 | References 2
Cvelist
added 2025/06/09 9:11 p.m. | 18 views

CVE-2025-49141 HaxCMS-PHP Command Injection Vulnerability

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The set_remote function later passes this input into proc_open, yielding OS...

CVSS 8.5 | EPSS 0.01496
Exploits 1 | References 2
CVE
added 2025/06/09 9:11 p.m. | 139 views

CVE-2025-49141

The CVE-2025-49141 entry concerns HAX CMS PHP (pre-11.0.3) with an OS command injection in the gitImportSite flow. The issue arises when gitImportSite retrieves a URL from a POST request and performs insufficient input validation; later, set_remote passes the input to proc_open, enabling an attac...

CVSS 8.8 | AI score 9 | EPSS 0.01496
Exploits 1 | References 2 | Affected Software 2
Vulnrichment
added 2025/06/09 9:11 p.m. | 5 views

CVE-2025-49141 HaxCMS-PHP Command Injection Vulnerability

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The set_remote function later passes this input into proc_open, yielding OS...

CVSS 8.5 | AI score 9 | EPSS 0.01496
Exploits 1 | References 2
RedhatCVE
added 2025/05/23 4:28 a.m. | 7 views

CVE-2023-44381

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

CVSS 4.9 | AI score 6.8 | EPSS 0.00511
Exploits 0
RedhatCVE
added 2025/05/22 7:45 p.m. | 12 views

CVE-2021-32649

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...

CVSS 8.8 | AI score 7.1 | EPSS 0.01336
Exploits 0
RedhatCVE
added 2025/05/22 6:37 p.m. | 13 views

CVE-2021-35284

SQL Injection vulnerability in function getuser in loginmanager.php in rizalafani cms-php v1...

CVSS 9.8 | AI score 8.2 | EPSS 0.00656
Exploits 1
RedhatCVE
added 2025/05/22 3:59 p.m. | 11 views

CVE-2020-20698

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...

CVSS 7.2 | AI score 7.9 | EPSS 0.0195
Exploits 1
RedhatCVE
added 2025/05/22 3:52 p.m. | 10 views

CVE-2020-20701

A stored cross site scripting (XSS) vulnerability in /app/config/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.8 | AI score 5.7 | EPSS 0.00579
Exploits 1
RedhatCVE
added 2025/05/22 3:18 p.m. | 8 views

CVE-2020-20699

A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

CVSS 4.8 | AI score 5.8 | EPSS 0.00527
Exploits 1