585 matches found
CVE-2023-31505
An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file...
CVE-2021-27903
An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes if an attacker were somehow able to hijack an administrator's session...
CVE-2022-42458
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...
CVE-2019-11456
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code...
CVE-2019-11515
core/classes/dbbackup.php in Gila CMS 1.10.1 allows admin/dbbackup?download= absolute path traversal to read arbitrary files...
CVE-2020-23049
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the Displayname field when using the Add, Edit or Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
CVE-2024-41602
Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL...
CVE-2023-40028
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can...
CVE-2019-7356
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter...
CVE-2019-12617
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...
MiniCMS 授权问题漏洞
MiniCMS is a mini content management system designed for personal websites by the individual developer of Dada bg5sbk. An authorization issue vulnerability exists in MiniCMS 1.8 and earlier versions, which stems from incorrect operation of the file /minicms/mc-admin/post.php of the component Tras...
CVE-2025-15151 TaleLin Lin-CMS Tests Folder config.py password in configuration file
A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...
EUVD-2025-204678
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
PT-2025-49139
Name of the Vulnerable Software and Affected Versions UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 Description The software contains a PHP object injection issue in the BxBaseMenuSetAclLevel.php component. The profile id POST parameter is passed to the PHP unserialize function without sufficient...
CVE-2025-11902
A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public an...
EUVD-2018-8436
Malware in sbrugna...
EUVD-2021-1159
Malware in sbrugna...
EUVD-2020-21090
Malware in sbrugna...
EUVD-2020-24019
Malware in sbrugna...
EUVD-2020-19212
Malware in sbrugna...