172 matches found
CVE-2015-1467
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the 1 language or 2 type parameter to private/en/locale/index...
CVE-2015-1467
Fork CMS is affected by SQL injection in the Translations feature prior to version 3.8.6. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the language[] and type[] parameters sent to private/en/locale/index. The issue is triggered when an authenticated us...
Fork CMS 3.8.5 SQL Injection Vulnerability
Fork CMS version 3.8.5 suffers from a remote SQL injection vulnerability. Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability...
Fork CMS 3.8.5 SQL Injection
CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link to tested version:...
Fork CMS 'loadForm()' Function Cross-Site Scripting Vulnerability
Fork CMS is a CMS system developed in PHP. A cross-site scripting vulnerability exists in the Fork CMS 'loadForm' function due to the program failing to properly filter user-supplied input. An attacker could use this vulnerability to execute arbitrary script code or steal cookie-based...
Fork CMS 3.8.3 Cross Site Scripting
Exploit Title: XSS Vulnerability in Fork CMS 3.8.3 Google Dork: N/A Date: 12/26/2014 Exploit Author: Le Ngoc phi [email protected] and ITAS Team www.itas.vn Vendor Homepage: http://www.fork-cms.com Software Link: http://www.fork-cms.com/blog/detail/fork-3.8.4-released Version: Fork 3.8.3 Tested on...
Fork CMS 3.2.4 - Multiple Vulnerabilities (LFI - XSS)
No description provided by source...
Fork CMS Cross Site Request Forgery
==================================================================================== Fork-CMS CSRF: Introduction Author: Rafay Baloch CSRF OR XSRF Cross site request forgery occurs when the victim forces your browser to send a forged request and makes the victim performing a particular action. An...
Fork CMS Cross Site Scripting
=================================================================================== Fork-CMS Stored XSS: Stored XSS: Author: Rafay Baloch Introduction: Cross Site scritping XSS has been a problem for ages, XSS occurs when the input data is copied into application responses without being sanitized...
Fork CMS Local File Inclusion
============================================================================== Fork-CMS Local File Inclusion: Author: Rafay Baloch Introduction: Local file inclusion vulnerability occur when the include function is not sanitized properl, LFI is classified under OWASP Top10 under "A4 Insecure Dire...
Fork CMS - js.php Local File Inclusion
Fork CMS - js.php Local File Inclusion source: https://www.securityfocus.com/bid/59298/info Fork CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in...
Fork CMS - 'js.php' Local File Inclusion
source: https://www.securityfocus.com/bid/59298/info Fork CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process...
CVE-2012-1188
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 type or 2 querystring parameters to private/en/error or 3 name parameter to private/en/locale/index...
CVE-2012-5164
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to 1 autocomplete.php, 2 search/ajax/autosuggest.php, 3 livesuggest.php, or 4 save.php in frontend/modules/search/ajax...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to 1 autocomplete.php, 2 search/ajax/autosuggest.php, 3 livesuggest.php, or 4 save.php in frontend/modules/search/ajax...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 type or 2 querystring parameters to private/en/error or 3 name parameter to private/en/locale/index...
CVE-2012-5164
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to 1 autocomplete.php, 2 search/ajax/autosuggest.php, 3 livesuggest.php, or 4 save.php in frontend/modules/search/ajax...
CVE-2012-1188
Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 type or 2 querystring parameters to private/en/error or 3 name parameter to private/en/locale/index...
CVE-2012-5164
Fork CMS before 3.2.7 is affected by multiple XSS vulnerabilities that allow remote injection of arbitrary scripts via the term parameter to frontend/modules/search/ajax/autocomplete.php, search/ajax/autosuggest.php, livesuggest.php, and save.php. Affects Fork CMS 3.x up to 3.2.7; CVSSv2 base sco...
CVE-2012-1188
CVE-2012-1188 covers multiple XSS vulnerabilities in Fork CMS before 3.2.7. The flaws allow remote attackers to inject arbitrary HTML/JS via: (1) type and (2) querystring parameters to /private/en/error, and (3) name parameter to /private/en/locale/index. The issue affects Fork CMS versions up to...