Lucene search
K

13 matches found

CVE
CVE
added 2026/05/26 2:51 p.m.16 views

CVE-2026-43936

Summary: CVE-2026-43936 affects the e107 content management system (CMS). Before version 2.3.4, an SSRF flaw in the remote file fetcher can be triggered via the Image/File URL field in Media Manager’s From a remote location, allowing access to local environment resources. The issue is fixed in 2....

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.5 views

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...

4.8CVSS6.3AI score0.00353EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25830

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00607EPSS
Exploits1References3
CVE
CVE
added 2025/08/26 12:0 a.m.25 views

CVE-2025-52353

CVE-2025-52353 affects Badaso CMS 2.9.11 where the Media Manager file-upload endpoint bypasses content-type validation, allowing authenticated users to upload files containing embedded PHP code. When such a file is accessed via its URL, the server executes the PHP payload, enabling arbitrary syst...

9.8CVSS7.5AI score0.00607EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/01/30 2:15 p.m.5 views

CVE-2024-12821

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upmuploadmedia function in all versions up to, and including, 3.12.0. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00349EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/30 1:42 p.m.36 views

CVE-2024-12822 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the addcaptoimg function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated...

9.8CVSS0.00557EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.20 views

Joomla! 3.2.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.38 views

Joomla! 3.5.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.22 views

Joomla! 3.0.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.42 views

Joomla! 3.8.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.28 views

Joomla! 3.3.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References17
Exploit DB
Exploit DB
added 2016/11/21 12:0 a.m.63 views

LEPTON 2.2.2 - Remote Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...

7.4AI score
Exploits0
Prion
Prion
added 2009/03/17 9:30 p.m.12 views

Directory traversal

Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors...

5CVSS7.2AI score0.01599EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder