Open Redirect in forkcms/forkcms
✍️ Description The forkcms is vulnerable to Open Redirect through invalid characters in the URL path. 🕵️‍♂️ Proof of Concept With an authenticated user, access: http://localhost/private/en/authentication?querystring=/%01/effectrenan.com 💥 Impact This vulnerability allows attackers to fool victims...
Open Redirect in forkcms/forkcms
✍️ Description Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that...
Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.
Welcome to the Wallarm weekly web exploits digest! Starting this week, we will publish weekly digests consisting of web exploits with CVSS scores higher than 5, followed by explanations, risk analysis, related stories and news. So, here we go! The most sophisticated and interesting...
ForkCMS PHP Object Injection Vulnerability
ForkCMS PHP Object Injection ========================= | Target: | ForkCMS | | Vendor: | ForkCMS | | Version: | all versions below version 5.8.3 | | CVE: | CVE-2020-24036 | | Accessibility: | Remote | | Severity: | Medium | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technology |...
ForkCMS PHP Object Injection
ForkCMS PHP Object Injection ========================= | Identifier: | AIT-SA-20210215-04 | | Target: | ForkCMS | | Vendor: | ForkCMS | | Version: | all versions below version 5.8.3 | | CVE: | CVE-2020-24036 | | Accessibility: | Remote | | Severity: | Medium | | Author: | Wolfgang Hotwagner AIT...
ForkCMS PHP Object Injection Vulnerability
ForkCMS is an open source content management system CMS written in PHP. A PHP object injection vulnerability exists in the back-end Ajax endpoint of ForkCMS versions prior to 5.8.3. A remote authenticated attacker can exploit this vulnerability to execute malicious code...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
Code injection
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
CVE-2020-24036
ForkCMS prior to version 5.8.3 is affected by PHP object injection via the backend Ajax endpoint. The vulnerability allows an authenticated remote user to inject PHP objects through unserialize calls in the Ajax handlers, enabling remote code execution. The issue is specific to ForkCMS’s backend ...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
Fork ForkCMS Security Vulnerability
ForkCMS is an open source content management system CMS written in PHP. A PHP object injection vulnerability exists in the back-end Ajax endpoint of ForkCMS versions prior to 5.8.3. A remote authenticated attacker can exploit this vulnerability to execute malicious code...
Cross-site Scripting (XSS) - Generic in forkcms/forkcms
Description ForkCMS is an easy to use open source CMS using Symfony Components this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/forkcms/forkcms Steps To Reproduce-: 1 install https://github.com/forkcms/forkcms locally or https://demo.fork-cms.com/private/ use demo...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting XSS attacks. The library doesn't properly escape the data values provided by the user such as navigationtitle and pageTitle in the function createHtml, allowing a malicious user to inject and execute malicious web script...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting XSS. The facebookadminids parameter under the application's private settings is not validated and HTML encoded before being displayed on a user's browser, allowing a remote attacker to inject arbitrary Javascript into the victim's browser...
ForkCMS 5.0.6 Cross Site Scripting
Stored Cross-site Scripting Vulnerabilities in ForkCMS 5.0.6 Information -------------------- Advisory by Netsparker Name: Stored Cross-site Scripting Vulnerabilities in ForkCMS Affected Software: ForkCMS Affected Versions: 5.0.6 Homepage: https://www.fork-cms.com/ Vulnerability: Stored Cross-sit...
Cross-site Scripting (XSS)
forkcms is vulnerable to cross-site scripting XSS attacks. The library does not properly escape special characters in the src/Backend/Modules/Search/Actions/Statistics.php file, allowing a malicious user to inject and execute arbitrary web script...
Open Redirect
forkcms is vulnerable to open redirect attacks. The library uses the target='blank' parameter in its links, granting the linked page partial access to the window.object object, which can then be used to redirect a user to a malicious page...
Cross-site Scripting (XSS)
forkcms is vulnerable to cross-site scripting XSS attacks. The library doesn't properly escape user input strings in the loadDataGrids function in src/Backend/Modules/Blog/Actions/Comments.php, allowing a malicious user to inject and execute web script...
SQL Injection
forkcms is vulnerable to SQL injection. Attackers can leverage a flaw in the language or type parameters in the translations feature to execute SQL commands...