36 matches found
EUVD-2024-2962
Malicious code in bioql PyPI...
CVE-2021-32737
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, a logged-in admin user can inject a script (cross-site scripting) via the collection title. The problem is patched in version 1.6.41. As a workaround, on...
CVE-2024-47618 Sulu vulnerable to XSS via uploaded SVG
Sulu is a PHP content management system. Sulu is vulnerable to XSS: a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded and accessed, the malicious JavaScript will be executed on the victims’ other users including...
FrogCms Cross-Site Request Forgery Vulnerability
FrogCMS is a lightweight PHP content management system. A cross-site request forgery vulnerability exists in FrogCMS version v0.9.5, which stems from the fact that /admin/?/snippet/delete/3 does not adequately verify that the request is from a trusted user. The vulnerability can be exploited by an attacker to...
WonderCMS ADMIN LOGIN URL Parameter Cross-Site Scripting Vulnerability
WonderCMS is an open source PHP-based content management system (CMS). A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the ADMIN LOGIN URL parameter of the Settings section, which can be exploite...
CVE-2024-27915 Sulu grants access to pages regardless of role permissions
Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...
DeDeCMS File Upload Vulnerability (CNVD-2024-02995)
DeDeCMS is a PHP-based open source content management system (CMS). The system features content publishing, content management, content editing and content retrieval. A file upload vulnerability exists in DeDeCMS version 5.7.112 and earlier versions, which stems from the application's lack of...
CLTPHP Input Validation Error Vulnerability
CLTPHP is an open source and efficient site-building PHP content management system. An input validation error vulnerability exists in CLTPHP version 6.0 and earlier versions, which stems from incorrect input validation in application/admin/controller/Template.php. An attacker can exploit this...
Elefant CMS Code Issues Vulnerabilities
Elefant CMS is a simple PHP content management system and web framework by the Canadian individual developer John de Plume. A security vulnerability exists in Elefant CMS version 1.3.12-RC, which stems from unknown functionality in file/filemanager/upload/drop for component file uploads. A remote...
CVE-2021-43835 Privilege escalation in the Sulu Admin panel
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not...
FDCMS File Inclusion Vulnerability
FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...
RPCMS has a file upload vulnerability
RPCMS is a lightweight PHP content management system, which can be used as a blog system, corporate website system, etc. RPCMS has a file upload vulnerability that can be exploited by attackers to gain server privileges...
Command Execution Vulnerability in DHCMS
DHCMS is a content management system based on PHP and MySQL. DHCMS suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
Arbitrary File Deletion Vulnerability in SECMS
SECMS is an open source PHP content management system. SECMS has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete files and cause a system reinstallation...
Arbitrary File Deletion Vulnerability in Catfish CMS
Catfish CMS is an open source and free PHP content management system. An arbitrary file deletion vulnerability exists in the Catfish CMS backend. An attacker can exploit the vulnerability to delete arbitrary files...
Incorrect ACL Check Vulnerability in Joomla!
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An incorrect ACL checking vulnerability exists in Joomla! 3.0.0 - 3.9.24. An...
XSS Vulnerability in CatfishCMS 5.5.3
Catfish CMS is an open source, free PHP content management system. CatfishCMS V5.5.3 has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...
OIC Exponent CMS Input Validation Error Vulnerability (CNVD-2021-02030)
OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
CatfishCMS suffers from a logic flaw vulnerability (CNVD-2020-73469)
CatfishCMS is a PHP content management system that does not require deep expertise, makes it easy to build a site, is simple to use and adapts to different needs. CatfishCMS has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
Drupal Command Injection Vulnerability
Drupal is an open source content management system developed by the Drupal community using the PHP language. A security vulnerability exists in Drupal versions 8.8.x before 8.8.8, 8.9.x before 8.9.1, and 9.0.x before 9.0.1. An attacker can exploit the vulnerability to execute code with the help o...