44 matches found
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
CVE-2023-53921 SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...
Sitemagic CMS 代码问题漏洞
Sitemagic CMS is a scalable content management system CMS. A code issue vulnerability exists in Sitemagic CMS version 4.4.3, which stems from improper file upload functionality and could lead to remote code execution...
EUVD-2019-2249
Malware in sbrugna...
EUVD-2019-8020
Malware in sbrugna...
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
SiteMagic CMS 4.4.2 Shell Upload
Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...
SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)
Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...
Sitemagic CMS Cross-Site Request Forgery Vulnerability
Sitemagic CMS is a scalable content management system CMS. A cross-site request forgery vulnerability exists in Sitemagic CMS. An attacker could exploit the vulnerability to send unintended requests to the server via an affected client...
Sitemagic CMS cross-site scripting vulnerability (CNVD-2019-38803)
Sitemagic CMS is a scalable content management system CMS. A cross-site scripting vulnerability exists in Sitemagic CMS. An attacker could exploit this vulnerability to execute client-side code...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
Cross site scripting
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
Cross site request forgery (csrf)
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18220
CVE-2019-18220 affects Sitemagic CMS 4.4.1. The root cause is a cross-site request forgery (CSRF) issue where the application does not implement any method to validate incoming requests, enabling a remote unauthenticated attacker to induce victims to perform unintended actions. The provided conne...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
CVE-2019-18219 affects Sitemagic CMS 4.4.1. The vulnerability is a Cross-Site Scripting (XSS) flaw arising from inadequate input validation in the affected components, specifically index.php and upgrade.php. An attacker could inject JavaScript via crafted URLs (GET) or through the UpgradeMode POS...