Lucene search
K

42 matches found

Cvelist
Cvelist
added 2023/09/26 12:0 a.m.30 views

CVE-2023-43154

In Macrob7 Macs Framework Content Management System CMS 1.1.4f, loose comparison in "isValidLogin" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account...

9.8AI score0.00973EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.4 views

PT-2023-28721 · Macrob7 · Macrob7 Macs Framework Content Management System

Name of the Vulnerable Software and Affected Versions: Macrob7 Macs Framework Content Management System CMS version 1.1.4f Description: The issue is related to a PHP type confusion vulnerability due to loose comparison in the isValidLogin function during a login attempt. This vulnerability can le...

9.8CVSS9.4AI score0.00973EPSS
Exploits1References4
CVE
CVE
added 2023/09/26 12:0 a.m.44 views

CVE-2023-43154

CVE-2023-43154 affects Macrob7 Macs Framework CMS v1.1.4f. The root cause is a PHP type confusion in a loose comparison (isValidLogin()) that compares username and password with == instead of ===, allowing authentication bypass and administrator takeover. The vulnerability arises during login whe...

9.8CVSS9.5AI score0.00973EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/26 12:0 a.m.12 views

CVE-2023-43154

In Macrob7 Macs Framework Content Management System CMS 1.1.4f, loose comparison in "isValidLogin" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account...

7.2AI score0.00973EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/09/24 12:0 a.m.6 views

Macrob7 Macs Framework Cms Security Vulnerability

Macrob7 Macs Framework Cms is an open source Cms framework by the individual developer Macdonald Terrence Robinson. A security vulnerability exists in Macrob7 Macs Framework Cms v1.1.4f CMS, which stems from a type confusion vulnerability in the isValidLogin function. The vulnerability can be...

9.8CVSS7AI score0.00973EPSS
Exploits1References4
CNVD
CNVD
added 2021/10/26 12:0 a.m.21 views

Macrob7 Macs Framework Cms SQL Injection Vulnerability

Macrob7 Macs Framework Cms is an open source Cms framework from the personal developer Macdonald Terrence Robinson. version 1.14 of the Macrob7 Macs Framework Content Management System is vulnerable to SQL injection, which allows attackers to SQL injection can be performed via the "roleId"...

7.2CVSS4.8AI score0.01098EPSS
Exploits1References1
NVD
NVD
added 2021/10/22 8:15 p.m.19 views

CVE-2020-36498

Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...

5.4CVSS0.00551EPSS
Exploits1References1
OSV
OSV
added 2021/10/22 8:15 p.m.4 views

CVE-2020-23047

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...

6.1CVSS5.7AI score0.00716EPSS
Exploits1References1
OSV
OSV
added 2021/10/22 8:15 p.m.2 views

CVE-2020-23045

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...

7.2CVSS5.8AI score0.01098EPSS
Exploits1References1
NVD
NVD
added 2021/10/22 8:15 p.m.31 views

CVE-2020-23045

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...

7.2CVSS0.01098EPSS
Exploits1References1
NVD
NVD
added 2021/10/22 8:15 p.m.20 views

CVE-2020-23047

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...

6.1CVSS0.00716EPSS
Exploits1References1
Prion
Prion
added 2021/10/22 8:15 p.m.16 views

Cross site scripting

Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...

3.5CVSS5.3AI score0.00551EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/10/22 8:15 p.m.11 views

Sql injection

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...

6.5CVSS7.2AI score0.01098EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/10/22 8:15 p.m.11 views

Cross site scripting

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...

4.3CVSS6AI score0.00716EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/10/22 7:20 p.m.55 views

CVE-2020-23045

Macrob7 Macs Framework Content Management System, version 1.14f, is reported to contain an SQL injection vulnerability in the editRole and deletUser modules triggered by the roleId parameter. The root cause is improper handling of the roleId input leading to SQL injection. No explicit remediation...

7.2CVSS7.2AI score0.01098EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/22 7:20 p.m.24 views

CVE-2020-23045

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the editRole and deletUser modules...

7.3AI score0.01098EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/10/22 7:20 p.m.28 views

CVE-2020-23047

Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting XSS vulnerability in the search input field of the search module...

6AI score0.00716EPSS
Exploits1References1
CVE
CVE
added 2021/10/22 7:20 p.m.42 views

CVE-2020-23047

CVE-2020-23047 corresponds to a cross-site scripting (XSS) vulnerability in the Macrob7 Macs Framework Content Management System (CMS) version 1.14f, specifically in the search input field of the search module. Multiple connected sources confirm the issue and identify the affected product and ver...

6.1CVSS6AI score0.00716EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/10/22 7:19 p.m.21 views

CVE-2020-36498

Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting XSS vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...

5.3AI score0.00551EPSS
Exploits1References1
CVE
CVE
added 2021/10/22 7:19 p.m.48 views

CVE-2020-36498

The CVE-2020-36498 entry concerns Macrob7 Macs Framework Content Management System (CMS) v1.14f. A cross-site scripting (XSS) vulnerability exists in the account reset function, allowing an attacker to execute arbitrary web scripts or HTML via a crafted payload in the email input field. The issue...

5.4CVSS5.3AI score0.00551EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder