21 matches found
EUVD-2019-8995
Malware in sbrugna...
EUVD-2019-8994
Malware in sbrugna...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
CVE-2019-19374
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
Authorization
DISPUTED Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specif...
CVE-2022-32277
Affected product: Squiz Matrix CMS 6.20. Vulnerability: Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details. Impact (as stated): Confidentiality: None; Integrity: Low; Availability: None. Root cause / ...
PT-2022-21201 · Squiz · Squiz Matrix Cms
Name of the Vulnerable Software and Affected Versions: Squiz Matrix CMS version 6.20 Description: The issue is caused by a failure to correctly validate authorization when submitting a request to change a user's contact details, leading to an Insecure Direct Object Reference. This allows...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
Squiz Matrix CMS 5.5.x.x Code Execution / Information Disclosure
Introduction ============ ZX Security identified several vulnerabilities the Squiz Matrix CMS that can be chained together to gain pre-authenticated remote code execution in some circumstances. Affected Versions ================= The issues in this advisory affect the following versions of Squiz...
Squiz Matrix CMS Arbitrary File Deletion Vulnerability
Squiz Matrix CMS is an open source content management system with a highly usable interface. An arbitrary file deletion vulnerability exists in core/assets/form/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS. An attacker can exploit this...
Squiz Matrix CMS PHP Object Arbitrary Deserialization Vulnerability
Squiz Matrix CMS is an open source content management system with a highly usable interface. Squiz Matrix CMS suffers from an arbitrary PHP object deserialization vulnerability, which can be exploited to trigger arbitrary deserialization of PHP objects from the...
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
CVE-2019-19374
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
Remote code execution
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
CVE-2019-19374
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
CVE-2019-19374
CVE-2019-19374 affects Squiz Matrix CMS 5.5.x: core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc allows a user to delete arbitrary files from the server during interaction with the File Upload field in a custom form, and exposes the full path t...
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...