13 matches found
CVE-2026-43936
Summary: CVE-2026-43936 affects the e107 content management system (CMS). Before version 2.3.4, an SSRF flaw in the remote file fetcher can be triggered via the Image/File URL field in Media Manager’s From a remote location, allowing access to local environment resources. The issue is fixed in 2....
CVE-2022-50906
e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...
EUVD-2025-25830
Malicious code in bioql PyPI...
CVE-2025-52353
CVE-2025-52353 affects Badaso CMS 2.9.11 where the Media Manager file-upload endpoint bypasses content-type validation, allowing authenticated users to upload files containing embedded PHP code. When such a file is accessed via its URL, the server executes the PHP payload, enabling arbitrary syst...
CVE-2024-12821
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upmuploadmedia function in all versions up to, and including, 3.12.0. This makes it possible for authenticated...
CVE-2024-12822 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the addcaptoimg function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated...
Joomla! 3.2.x < 3.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...
Joomla! 3.5.x < 3.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...
Joomla! 3.0.x < 3.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...
Joomla! 3.8.x < 3.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...
Joomla! 3.3.x < 3.8.8 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...
LEPTON 2.2.2 - Remote Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...
Directory traversal
Directory traversal vulnerability in the media manager in Nucleus CMS before 3.40 allows remote attackers to read arbitrary files via unknown vectors...