43671 matches found

Nuclei
added 2026/02/04 7:0 a.m., 93 views

UNA CMS <= 14.0.0-RC4 - PHP Object Injection

The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profileid" POST parameter is not properly sanitized before being used in a call to the...

7.2 AI score
Exploits: 1, References: 2
Nuclei
added 2026/02/04 7:0 a.m., 296 views

Mura/Masa CMS - SQL Injection

The Mura/Masa CMS is vulnerable to SQL Injection. id: CVE-2024-32640 info: name: Mura/Masa CMS - SQL Injection author: iamnoooob,rootxharsh,pdresearch severity: critical description: | The Mura/Masa CMS is vulnerable to SQL Injection. impact: | Successful exploitation could lead to unauthorized...

9.8 CVSS, 7.3 AI score, 0.68593 EPSS
Exploits: 3, References: 2
GithubExploit
added 2026/02/04 4:17 a.m., 371 views

Exploit for CVE-2025-2304

Camaleon CMS 2.9.0 – Authenticated Privilege Escalation Role...

9.4 CVSS, 5.6 AI score, 0.00566 EPSS
Exploits: 16
Packet Storm News
added 2026/02/04 12:0 a.m., 5 views

Cockpit CMS 0.13.0 Multi-Endpoint Injection Scanner

Cockpit CMS version 0.13.0 multi-endpoint injection scanner. This tool is a defensive security scanner designed to safely assess web application endpoints for potential input-validation and injection weaknesses without executing any commands. It sends non-executable canary payloads through...

5.5 AI score
Exploits: 0
Positive Technologies
added 2026/02/04 12:0 a.m., 6 views

PT-2026-6545

Name of the Vulnerable Software and Affected Versions: Winter CMS versions prior to 1.2.10. Description: Winter CMS versions before 1.2.10 allow users with access to the CMS Asset Manager to upload Scalable Vector Graphics (SVGs) without proper sanitization. An attacker needs access to the Backend wit...

5.4 AI score, 0.00251 EPSS
Exploits: 0, References: 10
Positive Technologies
added 2026/02/04 12:0 a.m., 5 views

PT-2026-6448

Impact: Affected versions of Winter CMS allowed users with access to the CMS Asset Manager to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manage asse...

5.3 AI score
Exploits: 0, References: 4
Packet Storm
added 2026/02/04 12:0 a.m., 152 views

📄 Monstra CMS 3.0.4 Shell Upload

Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. Title: Monstra CMS 3.0.4 shell upload Vulnerability | Author: indoushka |...

5.4 AI score
Exploits: 0
NVD
added 2026/02/03 10:16 p.m., 7 views

CVE-2026-25510

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and sav...

9.9 CVSS, 0.00805 EPSS
Exploits: 1, References: 2
OSV
added 2026/02/03 10:16 p.m., 8 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.2 CVSS, 5.9 AI score, 0.00365 EPSS
Exploits: 1, References: 3
NVD
added 2026/02/03 10:16 p.m., 6 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8 CVSS, 0.00365 EPSS
Exploits: 1, References: 3
OSV
added 2026/02/03 10:16 p.m., 5 views

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

8.8 CVSS, 6 AI score
Exploits: 0, References: 3
NVD
added 2026/02/03 10:16 p.m., 7 views

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

7.2 CVSS, 0.00234 EPSS
Exploits: 1, References: 3
NVD
added 2026/02/03 10:16 p.m., 5 views

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

8.8 CVSS, 0.00471 EPSS
Exploits: 1, References: 3
Snyk
added 2026/02/03 10:4 p.m., 1 views

Arbitrary File Upload

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the /backend/fileeditor/createFile and /backend/fileeditor/save API endpoints. An attacker can execute arbitrary code on the server by uploading...

9.9 CVSS, 6.2 AI score, 0.00805 EPSS
Exploits: 1, References: 2
Cvelist
added 2026/02/03 10:1 p.m., 27 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8 CVSS, 0.00365 EPSS
Exploits: 1, References: 3
CVE
added 2026/02/03 10:1 p.m., 13 views

CVE-2020-37076

Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...

8.8 CVSS, 5.8 AI score, 0.00365 EPSS
Exploits: 1, References: 3, Affected Software: 1
ATTACKERKB
added 2026/02/03 10:1 p.m., 5 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8 CVSS, 5.8 AI score, 0.00365 EPSS
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/02/03 10:1 p.m., 3 views

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

8.8 CVSS, 5.8 AI score, 0.00471 EPSS
Exploits: 1, References: 3
Cvelist
added 2026/02/03 10:1 p.m., 30 views

CVE-2020-37073 Victor CMS 1.0 - Authenticated Arbitrary File Upload

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

8.8 CVSS, 0.00471 EPSS
Exploits: 1, References: 3
CVE
added 2026/02/03 10:1 p.m., 21 views

CVE-2020-37073

Victor CMS 1.0 has an authenticated file-upload flaw in the user_image parameter. The vulnerability allows an administrator to upload arbitrary PHP files (a PHP shell) to the /img/ directory, enabling command execution when the uploaded file is accessed with a cmd parameter. The issue is describe...

8.8 CVSS, 5.8 AI score, 0.00471 EPSS
Exploits: 1, References: 3, Affected Software: 1