44 matches found
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
CVE-2023-53921 SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...
Sitemagic CMS 代码问题漏洞
Sitemagic CMS is a scalable content management system CMS. A code issue vulnerability exists in Sitemagic CMS version 4.4.3, which stems from improper file upload functionality and could lead to remote code execution...
EUVD-2019-2249
Malware in sbrugna...
EUVD-2019-8020
Malware in sbrugna...
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
SiteMagic CMS 4.4.2 Shell Upload
Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...
SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)
Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...
Sitemagic CMS cross-site scripting vulnerability (CNVD-2019-38803)
Sitemagic CMS is a scalable content management system CMS. A cross-site scripting vulnerability exists in Sitemagic CMS. An attacker could exploit this vulnerability to execute client-side code...
Sitemagic CMS Cross-Site Request Forgery Vulnerability
Sitemagic CMS is a scalable content management system CMS. A cross-site request forgery vulnerability exists in Sitemagic CMS. An attacker could exploit the vulnerability to send unintended requests to the server via an affected client...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
Cross site scripting
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
Cross site request forgery (csrf)
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18220
CVE-2019-18220 affects Sitemagic CMS 4.4.1. The root cause is a cross-site request forgery (CSRF) issue where the application does not implement any method to validate incoming requests, enabling a remote unauthenticated attacker to induce victims to perform unintended actions. The provided conne...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...