CVE-2023-29689

PyroCMS 3.9 contains a remote code execution RCE vulnerability that can be exploited through a server-side template injection SSTI flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...

CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...

CVE-2024-58297

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

CVE-2024-58297

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

CVE-2024-58297 PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

CVE-2024-58297

CVE-2024-58297 affects PyroCMS v3.0.1 with a stored XSS in the admin redirects configuration. An attacker can inject a payload into the Redirect From field, causing arbitrary JavaScript to execute when administrators view the redirects page. Public sources consistently describe this as a stored X...

CVE-2024-58297 PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

PT-2025-50751

Name of the Vulnerable Software and Affected Versions PyroCMS version 3.0.1 Description The software contains a stored cross-site scripting issue in the admin redirects configuration. Attackers can inject malicious scripts by inserting a payload into the 'Redirect From' field. This allows for the...

EUVD-2022-38016

Malicious code in bioql PyPI...

EUVD-2022-7314

Malicious code in bioql PyPI...

EUVD-2022-2515

Malicious code in bioql PyPI...

EUVD-2022-5352

Malicious code in bioql PyPI...

CVE-2022-35118

PyroCMS v3.9 was discovered to contain multiple cross-site scripting XSS vulnerabilities...

CVE-2020-25263

PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted...

CVE-2020-25262

PyroCMS 3.7 is vulnerable to cross-site request forgery CSRF via the admin/pages/delete/ URI: pages will be deleted...

PyroCMS v3.0.1 - Stored XSS Vulnerability

Exploit Title: PyroCMS v3.0.1 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS ----------------------------------------------------------------------------------------------------...

PyroCMS v3.0.1 - Stored XSS

Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...

PyroCMS 3.0.1 Cross Site Scripting

Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...

Server-Side Template Injection (SSTI)

pyrocms/pyrocms is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists due to dynamic templates used to generate web pages, which allows an admin authenticated attacker to inject a command which will execute arbitrary code on the server...

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...