9 matches found
Cross site scripting
A cross site scripting XSS vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-25422
MARA CMS 7.5 is affected by a Cross-Site Scripting (XSS) vulnerability in the menuedit.php component. The issue arises from improper handling of user-supplied/output data in that module (lack of checksum filtering per CNVD-2021-84589). Several databases (NVD, Red Hat, CNVD, CNVD-2021-84589, CNNVD...
Design/Logic Flaw
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated admin/manager session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php...
CVE-2020-25042
CVE-2020-25042 concerns Mara CMS 7.5 where an authenticated admin/manager can upload PHP via codebase/handler.php after invoking codebase/dir.php?type=filenew, enabling arbitrary code execution. The vulnerability is triggered by an authenticated session and a crafted request; public exploit detai...
PT-2020-15905 · Mara · Mara Cms
Name of the Vulnerable Software and Affected Versions: Mara CMS version 7.5 Description: An issue exists that allows arbitrary file upload. To exploit this, an attacker needs a valid authenticated session and must make a "codebase/dir.php?type=filenew" request to upload PHP code to...
Mara CMS 7.5 - Reflective Cross-Site Scripting
Exploit Title: Mara CMS 7.5 - Reflective Cross-Site Scripting Google Dork: NA Date: 2020-08-01 Exploit Author: George Tsimpidas Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5 Tested on:...
CVE-2020-24223
Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...
Cross site scripting
Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...
CVE-2020-24223
Mara CMS 7.5 allows cross-site scripting XSS in contact.php via the theme or pagetheme parameters...