Lucene search
K

63 matches found

CNNVD
CNNVD
added 2023/12/21 12:0 a.m.4 views

Automad Code Injection Vulnerability

Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting XSS vulnerability in the parameter sitename of the file...

5.4CVSS6.2AI score0.0061EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/12/07 12:0 a.m.5 views

BoidCMS 安全漏洞

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...

5.4CVSS5.3AI score0.00464EPSS
Exploits2References2
NVD
NVD
added 2023/06/14 11:15 p.m.41 views

CVE-2023-34452

Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...

6.1CVSS5.9AI score0.00592EPSS
Exploits1References1
NVD
NVD
added 2023/06/14 10:15 p.m.49 views

CVE-2023-34251

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this...

9.9CVSS9.9AI score0.02338EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/14 10:6 p.m.36 views

CVE-2023-34448 Grav Server-side Template Injection (SSTI) via Twig Default Filters

Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke...

8.8CVSS8.3AI score0.04515EPSS
Exploits1References5
Prion
Prion
added 2022/10/24 2:15 p.m.19 views

Code injection

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the code or password-reset auth method with the...

2.6CVSS4.3AI score0.00349EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.5 views

automad 跨站脚本漏洞

automad is a flat file content management system and template engine. automad version 1.10.9 and prior versions contain a cross-site scripting vulnerability that can be exploited by attackers to cause cross-site scripting attacks...

5.4CVSS5.1AI score0.00636EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/10 12:0 a.m.3 views

Statamic 代码注入漏洞

Statamic is a powerful flat file Cms built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. Statamic suffers from a code injection vulnerability that arises from a network system or product not properly filtering specific elemen...

9.8CVSS8.7AI score0.01724EPSS
Exploits1References2
CNVD
CNVD
added 2021/06/22 12:0 a.m.12 views

XSS vulnerability in bludit-cms

bludit-cms is a flat file content management system. An XSS vulnerability exists in bludit-cms, which can be exploited by an attacker to obtain sensitive information such as user cookies...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.6 views

Typesetter 跨站脚本漏洞

Typesetter is an open source CMS written in PHP with True WYSIWYG editing and flat file storage. Typesetter suffers from a cross-site scripting vulnerability. The vulnerability can be exploited to conduct cross-site scripting attacks via the className and Description fields in...

6.1CVSS5.2AI score0.00819EPSS
Exploits1References2
SonarSource Blog
SonarSource Blog
added 2021/06/01 12:0 a.m.95 views

Grav CMS 1.7.10 - Code Execution Vulnerabilities

In the lineage of most recent flat-file PHP CMS, Grav CMS is a modern web platform to build fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard that allows managing the whole website structure, pages, static...

6.5CVSS8.1AI score0.30623EPSS
Exploits5
GithubExploit
GithubExploit
added 2021/02/18 10:27 a.m.5 views

note-mark

Note Mark !License: AGPL V3https://img.shields.io/github/li...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2020/12/30 12:0 a.m.8 views

WonderCMS 跨站脚本漏洞

WonderCMS is an open source, fast, small and simple flat file cms. A cross-site scripting vulnerability exists in the "Page Description" component of WonderCMS 3.1.3. An attacker can exploit this vulnerability to steal cookies...

5.4CVSS5.6AI score0.01271EPSS
Exploits3References2
CNVD
CNVD
added 2018/01/29 12:0 a.m.5 views

WonderCMS HTTP Host Header Injection Vulnerability

WonderCMS is an open source, fast, small and simple flat file cms. WonderCMS 2.3.1 suffers from an HTTP host header injection vulnerability. An attacker can exploit the vulnerability to redirect pages...

7.5CVSS7.3AI score0.08045EPSS
Exploits5References1
0day.today
0day.today
added 2016/11/08 12:0 a.m.28 views

Grimbb 1.3 Hash Disclosure Vulnerability

Exploit for php platform in category web applications Grimbb V1.3 User and Password Hash Disclosure ============================================== Discovered by NA, NAattutanota.com ======================================= Description ============ A PHP 4 Open Source Flat File Based Bulletin Board...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/06/01 12:0 a.m.76 views

AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities

Exploit for php platform in category web applications + Credits: hyp3rlinx + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product: ======================= AjaxExplorer v1.10.3.2 Manage server files through simple windows...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Feindura File Manager 1.0(rc) - Remote File Upload

No description provided by source. =================================================== Feindura File Manager 1.0rc - Remote File Upload =================================================== My + Author : KnocKout Contact : [email protected] Software info Web App. : Feindura - Flat File Content...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/12/12 12:0 a.m.23 views

gpEasy CMS - XSS Vulnerability

gpEasy CMS, http://www.gpeasy.com/ Easy to use True WYSIWYG Editing. Flat-file data storage and advanced resource management for fast websites. 1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /'...

7.1AI score
Exploits0
0day.today
0day.today
added 2011/08/11 12:0 a.m.18 views

PHP Flat File Guestbook Remote File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: Rfi PHP Flat File Guestbook Date: 11-08-2011 Author: RiRes Walid Vendor or Software Link: http://www.advancebydesign.com Version: 1.0 Google dork: Tested on: Xp sp2 ------------------------------------------------------------...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/08/11 12:0 a.m.13 views

PHP Flat File Guestbook 1.0 - ffgb_admin.php Remote File Inclusion

PHP Flat File Guestbook 1.0 - ffgbadmin.php Remote File Inclusion source: https://www.securityfocus.com/bid/49138/info PHP Flat File Guestbook is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker...

0.1AI score
Exploits0
Rows per page
Query Builder