43682 matches found
CVE-2021-47753 phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...
CVE-2021-47753 phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...
CVE-2025-63644
A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...
PT-2026-3030
Name of the Vulnerable Software and Affected Versions phpKF CMS version 3.00 Beta y6 Description The software contains an unauthenticated file upload issue that enables remote attackers to execute arbitrary code. This is achieved by bypassing file extension checks, allowing attackers to upload a...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2026-1034)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...
phpKF CMS security vulnerability
phpKF CMS is a content management system developed by the Turkish company phpKF. The phpKF CMS 3.00 Beta y6 version contains a security vulnerability. This vulnerability stems from an unverified file upload function, which may bypass file extension checks, allowing remote code execution...
Umbraco CMS code-related vulnerabilities
Umbraco CMS is a content management system developed by the Danish company Umbraco. Version 8.14.1 of Umbraco CMS has a code vulnerability that stems from improper handling of the baseUrl parameter, which may lead to server-side request forgeing...
PT-2026-3051
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
EulerOS 2.0 SP12 : openssl (EulerOS-SA-2026-1096)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...
CVE-2022-50937
Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...
CVE-2022-50906
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...
CVE-2022-50905
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...
CVE-2023-54340
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...
CVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-71166
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...
pH7-Social-Dating-CMS affected by a stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...
CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...
CVE-2025-71166
CVE-2025-71166 affects Typesetter CMS versions up to and including 5.1. The vulnerability is a reflected cross-site scripting (XSS) in the administrative interface, specifically in the Tools Status move message handling. The path parameter is reflected into HTML output without proper encoding in ...