23 matches found

Github Security Blog
added 2026/04/14 11:34 p.m. | 7 views

Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action

Summary: The actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no equivalent authorization check for removals, so submitting an empty groups...

CVSS 5.3 | AI score 6 | EPSS 0.00248
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/01/09 12:27 p.m. | 8 views

CVE-2018-12250

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

CVSS 7.2 | AI score 7.5 | EPSS 0.01626
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-4228

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.01626
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-3143

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01042
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-15700

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00783
Exploits: 0 | References: 4

Packet Storm
added 2023/08/15 12:0 a.m. | 276 views

Elite CMS Pro 2.01 SQL Injection

Title: Elite CMS Pro V2.01 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-b...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/08/02 12:0 a.m. | 242 views

CMS-pro 5.0 SQL Injection

Title: CMS-pro v.5.0 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor: https://Wojoscripts.com | Dor...

AI score 7.1
Exploits: 0

OSV
added 2021/04/13 6:15 a.m. | 3 views

CVE-2021-29054

Certain Papoo products are affected by: Cross Site Request Forgery CSRF in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges remote...

CVSS 8.8 | AI score 7.3 | EPSS 0.00783
Exploits: 0 | References: 3

NVD
added 2021/04/13 6:15 a.m. | 20 views

CVE-2021-29054

Certain Papoo products are affected by: Cross Site Request Forgery CSRF in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges remote...

CVSS 8.8 | EPSS 0.00783
Exploits: 0 | References: 3

NVD
added 2019/07/03 5:15 p.m. | 20 views

CVE-2018-12250

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

CVSS 7.2 | AI score 7.3 | EPSS 0.01626
Exploits: 1 | References: 2

OSV
added 2019/07/03 5:15 p.m. | 2 views

CVE-2018-12250

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

CVSS 7.2 | AI score 5.8 | EPSS 0.01626
Exploits: 1 | References: 2

Prion
added 2019/07/03 5:15 p.m. | 20 views

Sql injection

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

CVSS 6.5 | AI score 7.3 | EPSS 0.01626
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2019/07/03 4:57 p.m. | 21 views

CVE-2018-12250

An issue was discovered in Elite CMS Pro 2.01. In /admin/addsidebar.php, the ?page= parameter is vulnerable to SQL injection...

AI score 7.4 | EPSS 0.01626
Exploits: 1 | References: 2

CVE
added 2019/07/03 4:57 p.m. | 59 views

CVE-2018-12250

Summary of vulnerability (CVE-2018-12250): Multiple sources confirm a SQL injection flaw in Elite CMS Pro 2.01, specifically in the /admin/add_sidebar.php file via the vulnerable ?page= parameter. The issue is described as allowing the execution of arbitrary SQL commands, with the potential for ...

CVSS 7.2 | AI score 7.3 | EPSS 0.01626
Exploits: 1 | References: 2 | Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Ferdows CMS Pro <= 1.1.0 - Multiple Vulnerabilities

No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro =1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm Fix: N/A 1...

AI score 7.1
Exploits: 0

Exploit DB
added 2010/12/05 12:0 a.m. | 33 views

Pulse CMS Basic - Local File Inclusion

'Pulse CMS Basic' Local File Inclusion Vulnerability CVE-2010-4330 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local file inclusion due to a null-byte...

CVSS 6.8 | AI score 6.5 | EPSS 0.0263
Exploits: 6

NVD
added 2008/07/11 10:41 p.m. | 15 views

CVE-2008-3153

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

CVSS 7.5 | AI score 8.4 | EPSS 0.01042
Exploits: 0 | References: 5

Prion
added 2008/07/11 10:41 p.m. | 14 views

Sql injection

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

CVSS 7.5 | AI score 9.1 | EPSS 0.01042
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2008/07/11 10:0 p.m. | 17 views

CVE-2008-3153

SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header...

AI score 8.4 | EPSS 0.01042
Exploits: 0 | References: 5

CVE
added 2008/07/11 10:0 p.m. | 34 views

CVE-2008-3153

CVE-2008-3153 affects Triton CMS Pro, with a SQL injection vulnerability exploitable via the X-Forwarded-For HTTP header. The available documents identify the vulnerability class and entry but do not specify affected versions, root cause details beyond “SQL injection,” or concrete remediation ste...

CVSS 7.5 | AI score 8.4 | EPSS 0.01042
Exploits: 0 | References: 5 | Affected Software: 1