17 matches found

Veracode
added 2025/11/27 9:40 a.m. | 3 views

SQL Injection

melisplatform/melis-cms is vulnerable to SQL injection. The vulnerability is due to improper validation of the idPage parameter in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint, which allows an attacker to retrieve, create, update, or delete database records through crafted SQL queries...

CVSS 9.3 | AI score 7.5 | EPSS 0.00014
Exploits 2 | References 4 | Affected Software 1
OSV
added 2025/10/08 12:30 p.m. | 1 views

GHSA-MRMX-JFW8-QHGV Melis Platform CMS SQL Injection

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...

CVSS 9.3 | AI score 8.1 | EPSS 0.00014
Exploits 2 | References 5
GithubExploit
added 2025/10/08 11:52 a.m. | 173 views

Exploit for CVE-2025-10353

CVE-2025-10353 - File Upload RCE PoC 🛠️ Exploit for CVE-202...

CVSS 9.3 | AI score 8.3 | EPSS 0.01277
Exploits 3
Snyk
added 2025/10/08 11:42 a.m. | 3 views

Path Equivalence

Overview: melisplatform/melis-cms-slider is a Melis Platform slider module. Affected versions of this package are vulnerable to Path Equivalence via the mcsdetailimg parameter. An attacker can execute arbitrary code on the server by uploading a malicious file through a POST request to...

CVSS 9.8 | AI score 6.1 | EPSS 0.01277
Exploits 3 | References 2
Snyk
added 2025/10/08 11:42 a.m. | 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the idPage parameter. An attacker can retrieve, create, update, or delete database records by injecting crafted input in the /melis/MelisCms/PageEdition/getTinyTemplates endpoint. Remediation: Upgrade...

CVSS 9.8 | AI score 7.9 | EPSS 0.00014
Exploits 2 | References 2
NVD
added 2025/10/08 11:15 a.m. | 1 views

CVE-2025-10353

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...

CVSS 9.3 | EPSS 0.01277
Exploits 3 | References 2
NVD
added 2025/10/08 11:15 a.m. | 2 views

CVE-2025-10351

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...

CVSS 9.3 | EPSS 0.00014
Exploits 2 | References 2
Cvelist
added 2025/10/08 10:47 a.m. | 6 views

CVE-2025-10353 Missing Authorization vulnerability in Melis Platform

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...

CVSS 9.3 | EPSS 0.01277
Exploits 3 | References 2
Vulnrichment
added 2025/10/08 10:47 a.m. | 1 views

CVE-2025-10353 Missing Authorization vulnerability in Melis Platform

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetailimg'...

CVSS 9.3 | AI score 7.8 | EPSS 0.01277
Exploits 3 | References 2
CVE
added 2025/10/08 10:45 a.m. | 12 views

CVE-2025-10351

Melis Platform (melis-cms) is affected by a SQL injection in the idPage parameter of the /melis/MelisCms/PageEdition/getTinyTemplates endpoint. The vulnerability allows an attacker to retrieve, create, update, or delete database records. The exposed component is melis-cms within Melis Platform; r...

CVSS 9.3 | AI score 7.6 | EPSS 0.00014
Exploits 2 | References 2
Cvelist
added 2025/10/08 10:45 a.m. | 6 views

CVE-2025-10351 SQL injection vulnerability in Melis Platform

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...

CVSS 9.3 | EPSS 0.00014
Exploits 2 | References 2
Positive Technologies
added 2025/10/08 12:0 a.m. | 2 views

PT-2025-41244

Name of the Vulnerable Software and Affected Versions: Melis platform, affected versions not specified. Description: A SQL injection issue exists in the melis-cms module of the Melis platform. This allows an attacker to retrieve, create, update, and delete databases. The vulnerability is located in t...

CVSS 9.3 | AI score 7.3 | EPSS 0.00014
Exploits 2 | References 13
Positive Technologies
added 2025/10/08 12:0 a.m. | 2 views

PT-2025-41246

Name of the Vulnerable Software and Affected Versions: Melis Platform versions, affected versions not specified. Description: A file upload issue exists in the “melis-cms-slider” module of Melis Technology's Melis Platform, potentially leading to remote code execution (RCE). An attacker can upload a...

CVSS 9.3 | AI score 7.7 | EPSS 0.01277
Exploits 3 | References 14
CNNVD
added 2025/10/08 12:0 a.m. | 1 views

Melis Platform security vulnerability

Melis Platform is an open source cross-framework digital platform from Melis Platform Open Source. A security vulnerability exists in Melis Platform, which stems from a flaw in the file upload functionality of the melis-cms-slider module that could lead to remote code execution...

CVSS 9.3 | AI score 7.6 | EPSS 0.01277
Exploits 3 | References 1
Veracode
added 2022/10/14 3:23 a.m. | 19 views

Deserialization Of Untrusted Data

Melis-cms is vulnerable to untrusted data deserialization. The vulnerability exists in multiple functions due to adding allowedclasses=false parameter to the unserialize function, which allows an attacker to execute arbitrary PHP code on the system...

CVSS 9.8 | AI score 9.4 | EPSS 0.00935
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/10/11 8:45 p.m. | 18 views

GHSA-M3M3-6GWW-7GJ9 melisplatform/melis-cms vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-cms = 5.0.1...

CVSS 7.7 | AI score 8.8 | EPSS 0.00935
Exploits 0 | References 4
GitHub Security Blog
added 2022/10/11 8:45 p.m. | 15 views

melisplatform/melis-cms vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, and ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-cms = 5.0.1...

CVSS 9.8 | AI score 9.3 | EPSS 0.00935
Exploits 0 | References 4 | Affected Software 1