EUVD-2013-7270

Malware in sbrugna...

CVE-2013-10051

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

CVE-2013-10051

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

CVE-2013-10051

InstantCMS

CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

PT-2025-31688 · Unknown · Instantcms

Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 1.7 Description: A remote PHP code execution issue exists due to the unsafe use of the eval function within the search view handler. User-supplied input via the look parameter is concatenated into a PHP expression...

CVE-2024-31213

InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...

CVE-2024-50348

InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS Cross Site Scripting payload and execute. This vulnerability is fixed in 2.16.3...

InstantCMS Cross-Site Scripting Vulnerability

InstantCMS is a free and open source CMS. A cross-site scripting vulnerability exists in InstantCMS before version 2.16.3, which stems from the lack of effective filtering and escaping of user-supplied data in the photo upload function of the album page, and can be exploited by an attacker to...

CVE-2024-31213 InstantCMS Open Redirect vulnerability

InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...

PT-2014-66: Cross-Site Scripting in InstantCMS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in InstantCMS. Cross-site scripting in the frontend.php file allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to fi...