CVE-2019-25529

Placeto CMS Alpha rv.4 contains an authenticated SQL injection vulnerability in the admin/edit.php endpoint via the page parameter. Attackers can craft GET requests to extract data using boolean-based blind, time-based blind, or union-based techniques without user interaction, with LOW privileges...

CVE-2019-25529 Placeto CMS Alpha rv.4 SQL Injection via page Parameter

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

Summary The REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts...

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

Summary The updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account id !== userData.user.id. Any authenticated visitor...

Authorization Bypass Through User-Controlled Key

Overview @studiocms/s3-storage is an Add S3 Storage Support into your StudioCMS project. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by...

Authorization Bypass Through User-Controlled Key

Overview @withstudiocms/api-spec is an API Specification for StudioCMS Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a...

EUVD-2026-11367

StudioCMS S3 Storage Manager Authorization Bypass via Missing await on Async Auth Check...

GHSA-MM78-FGQ8-6PGR StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check

Summary The S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in JavaScript, !isAuthorizedtype always evaluates to false, completely bypassing the authorization check...

GHSA-PGPF-M8M4-6CG6 Winter vulnerable to privilege escalation by authenticated backend users

Impact Affected versions of Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security...

EUVD-2026-11406

Winter vulnerable to privilege escalation by authenticated backend users...

Winter vulnerable to privilege escalation by authenticated backend users

Impact Affected versions of Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security...

Exploit for Injection in Ghost

CVE-2026-29053 Ghost CMS RCE via jsonpath/static-eval prototy...

202CMS SQL注入漏洞

202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...

Placeto CMS SQL注入漏洞

Placeto CMS is a content management system developed by Blaher. Version 4 of Placeto CMS has a SQL injection vulnerability. This vulnerability stems from the page parameters having SQL injection vulnerabilities, which may allow authenticated attackers to manipulate database queries...

TinaCMS 安全漏洞

TinaCMS is an open-source headless CMS for Markdown, MDX, and JSON developed by Tina. Versions of TinaCMS prior to 2.1.8 contained a security vulnerability. This vulnerability stemmed from the TinaCMS CLI development server’s configuration using Vite, which disabled the built-in file system acces...

PT-2026-25011

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join without validating that the resulting path stays within the intend...

PT-2026-25012

Summary The TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary...

TinaCMS 路径遍历漏洞

TinaCMS is an open-source headless CMS for Markdown, MDX, and JSON developed by Tina. Versions of TinaCMS prior to 2.1.8 had a path traversal vulnerability. This vulnerability stemmed from the media endpoints exposed by the TinaCMS CLI development server, which allowed for path traversal attacks...

PT-2026-25013

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

TinaCMS 安全漏洞

TinaCMS is an open-source headless CMS for Markdown, MDX, and JSON developed by Tina. Versions of TinaCMS prior to 2.1.8 contained security vulnerabilities. These vulnerabilities stemmed from the TinaCMS CLI development server having a lax CORS policy configured. Combined with path traversal...