15 matches found
CVE-2016-9026
Exponent CMS before 2.6.0 has improper input validation in fileController.php...
Server Side Request Forgery
automad is vulnerable to Server Side Request Forgery. The vulnerability is due to improper validation of the importUrl argument within FileController.php. This issue can be exploited by an attacker to perform an internal port scan against the local environment or abuse local services...
GHSA-Q5Q3-QM26-9JWM Authenticated Blind SSRF in automad/automad
automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in importUrl as the import function on the FileController.php file was not properly validating the value of the importUrl argument. This issue may allow attackers to perform a port scan against the local...
Authenticated Blind SSRF in automad/automad
automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in importUrl as the import function on the FileController.php file was not properly validating the value of the importUrl argument. This issue may allow attackers to perform a port scan against the local...
CVE-2023-7037
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit ha...
Server-side request forgery (SSRF)
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit ha...
CVE-2023-7037 automad FileController.php import server-side request forgery
A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated remotely. The exploit ha...
Cross-site Scripting (XSS)
nystudio107/craft-seomatic is vulnerable to cross-site scripting. The vulnerability exists because the actionSeoFileLink function of FileController.php does not properly check file types, allowing an attacker to inject and execute malicious JavaScript by submitting a GET request to...
OIC Exponent CMS Input Validation Error Vulnerability (CNVD-2021-02002)
OIC Exponent CMS is a free, open-source, modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
CVE-2016-9026
Exponent CMS before 2.6.0 has improper input validation in fileController.php...
CVE-2016-9026
Exponent CMS before 2.6.0 has improper input validation in fileController.php...
Input validation
Exponent CMS before 2.6.0 has improper input validation in fileController.php...
CVE-2016-9026
Exponent CMS before 2.6.0 has improper input validation in fileController.php...
CVE-2016-9026
CVE-2016-9026 affects Exponent CMS prior to 2.6.0, where improper input validation in fileController.php creates a vulnerability in the CMS. Multiple connected sources confirm the issue exists in Exponent CMS before 2.6.0; the problem is tied to fileController.php input handling. The exploitation...
OIC Exponent CMS Input Validation Error Vulnerability
OIC Exponent CMS is a free, open-source, modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...