Yifang CMS code injection vulnerability
Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Version 2.0.5 of Yifang CMS has a code injection vulnerability, which stems from the handling of the Title parameter in the singlePage.php file. This vulnerability may lead to cross-site...
Yifang CMS code injection vulnerability
Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Version 2.0.5 of Yifang CMS has a code injection vulnerability. This vulnerability stems from the handling of the parameter linkName in the file DfriendLink.php, which may lead to cross-site...
CVE-2026-29784
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
CVE-2026-29784 Ghost: Incomplete CSRF protections around OTC use
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...
BIT-GHOST-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...
Server-Side Template Injection
Craft CMS is vulnerable to Server-Side Template Injection. The vulnerability is due to improper handling of Twig input using the map filter in certain fields, which allows an attacker to craft malicious payloads and execute arbitrary code on the server...
Missing Authorization
craftcms/cms is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the GraphQL @parseRefs directive, which allows an attacker to access sensitive attributes of CMS elements without proper permissions...
Server-Side Template Injection
Craft CMS is vulnerable to Server-Side Template Injection. The vulnerability is due to unsafe exposure of the create Twig function enabling arbitrary object instantiation combined with a Symfony Process gadget chain, which allows an attacker to execute arbitrary code on the server...
VulnCheck KEV: CVE-2022-38296
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...
CVE-2018-25200
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...
CVE-2018-25200
CVE-2018-25200 concerns OOP CMS BLOG 1.0 with a cross-site request forgery that lets unauthenticated attackers craft POST requests to addUser.php (parameters: userName, password, email, role) to create an administrative account. Connected sources consistently describe the flaw and its target endp...
CVE-2018-25199 OOP CMS BLOG 1.0 SQL Injection via search parameter
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id...
CVE-2018-25179 Gumbo CMS 0.99 SQL Injection via settings endpoint
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...
CVE-2026-1468
Product: QuickCMS. Vulnerability: Cross-Site Request Forgery (CSRF) across multiple endpoints. An attacker can lure a victim to a crafted site that automatically issues a POST request using the victim’s credentials. Root cause / vector: The software does not implement protections against CSRF on ...
PT-2026-23691
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...
Gumbo CMS SQL injection vulnerability
Gumbo CMS is a content management system developed by Gumbo CMS Inc. Version 0.99 of Gumbo CMS has a SQL injection vulnerability. This vulnerability stems from the language parameter in the settings endpoint, which allows for SQL injections. It may lead to the execution of arbitrary SQL queries a...