37 matches found
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
CVE-2023-53921 SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...
EUVD-2019-2249
Malware in sbrugna...
EUVD-2019-8020
Malware in sbrugna...
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
SiteMagic CMS 4.4.2 Shell Upload
Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...
SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)
Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...
Sitemagic CMS Cross-Site Request Forgery Vulnerability
Sitemagic CMS is a scalable content management system CMS. A cross-site request forgery vulnerability exists in Sitemagic CMS. An attacker could exploit the vulnerability to send unintended requests to the server via an affected client...
Sitemagic CMS cross-site scripting vulnerability (CNVD-2019-38803)
Sitemagic CMS is a scalable content management system CMS. A cross-site scripting vulnerability exists in Sitemagic CMS. An attacker could exploit this vulnerability to execute client-side code...
CVE-2019-18220
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
Cross site scripting
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
Cross site request forgery (csrf)
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery CSRF issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemag...
CVE-2019-18219
CVE-2019-18219 affects Sitemagic CMS 4.4.1. The vulnerability is a Cross-Site Scripting (XSS) flaw arising from inadequate input validation in the affected components, specifically index.php and upgrade.php. An attacker could inject JavaScript via crafted URLs (GET) or through the UpgradeMode POS...
CVE-2019-18219
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting XSS vulnerability, as it fails to validate user input. The affected components index.php, upgrade.php allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter...
Design/Logic Flaw
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter...
CVE-2019-10238
CVE-2019-10238 concerns Sitemagic CMS v4.4, where an XSS flaw exists in SMFiles/FrmUpload.class.php through the filename parameter. The vulnerability description across connected sources consistently identifies a cross-site scripting issue exploitable via the filename field in FrmUpload.class.php...