Lucene search
+L

64 matches found

NVD
NVD
added 2019/12/11 8:15 p.m.22 views

CVE-2019-19373

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...

7.5CVSS8AI score0.048EPSS
Exploits3References4
OSV
OSV
added 2019/12/11 8:15 p.m.5 views

CVE-2019-19374

An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...

9.1CVSS7.4AI score0.0344EPSS
Exploits3References4
OSV
OSV
added 2019/12/11 8:15 p.m.6 views

CVE-2019-19373

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...

7.5CVSS7.5AI score0.048EPSS
Exploits3References4
Prion
Prion
added 2019/12/11 8:15 p.m.15 views

Remote code execution

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...

5CVSS8AI score0.048EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2019/12/11 8:15 p.m.17 views

Information disclosure

An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...

7.5CVSS8.6AI score0.0344EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2019/12/11 7:10 p.m.37 views

CVE-2019-19374

An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...

8.8AI score0.0344EPSS
Exploits3References4
CVE
CVE
added 2019/12/11 7:10 p.m.60 views

CVE-2019-19374

CVE-2019-19374 affects Squiz Matrix CMS 5.5.x: core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc allows a user to delete arbitrary files from the server during interaction with the File Upload field in a custom form, and exposes the full path t...

9.1CVSS8.5AI score0.0344EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2019/12/11 7:4 p.m.39 views

CVE-2019-19373

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...

8AI score0.048EPSS
Exploits3References4
CVE
CVE
added 2019/12/11 7:4 p.m.62 views

CVE-2019-19373

Squiz Matrix CMS is affected by CVE-2019-19373 across multiple 5.5.x releases: 5.5.0 before 5.5.0.3, 5.5.1 before 5.5.1.8, 5.5.2 before 5.5.2.4, and 5.5.3 before 5.5.3.3. The vulnerability arises from arbitrary PHP object deserialization in the Remote Content page type when processing the package...

7.5CVSS8AI score0.048EPSS
Exploits3References4Affected Software1
CNVD
CNVD
added 2017/12/04 12:0 a.m.4 views

Squiz Matrix File Bridge Plugin Path Traversal Vulnerability

Squiz Matrix is an enterprise content management system from Squiz Australia.File Bridge plugin is a file bridging plugin used in... A path traversal vulnerability exists in the File Bridge plugin in Squiz Matrix versions 5.3 through 5.3.6.1 and 5.4.1.3. An attacker could use this vulnerability t...

7.5CVSS6.8AI score0.02193EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/04 12:0 a.m.4 views

Squiz Matrix Matrix WYSIWYG plugin cross-site scripting vulnerability

Squiz Matrix is an enterprise content management system from Squiz Australia.Matrix WYSIWYG plugins is a WYSIWYG editor plugin used in it. A cross-site scripting vulnerability exists in the Matrix WYSIWYG plugin in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remo...

6.1CVSS6.1AI score0.00602EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/04 12:0 a.m.9 views

Squiz Matrixa Remote Code Execution Vulnerability

Squiz Matrix is an enterprise content management system from Squiz Australia. A remote code execution vulnerability exists in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remote attacker can exploit the vulnerability to execute code with the help of a maliciously...

8.8CVSS8.2AI score0.01769EPSS
Exploits0References1
NVD
NVD
added 2017/11/30 2:29 a.m.22 views

CVE-2017-14196

An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...

7.5CVSS7.2AI score0.02193EPSS
Exploits0References1
NVD
NVD
added 2017/11/30 2:29 a.m.14 views

CVE-2017-14198

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution RCE via a maliciously crafted timeformat tag...

8.8CVSS8.8AI score0.01769EPSS
Exploits0References1
OSV
OSV
added 2017/11/30 2:29 a.m.5 views

CVE-2017-14196

An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...

7.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2017/11/30 2:29 a.m.12 views

CVE-2017-14197

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...

6.1CVSS6AI score0.00602EPSS
Exploits0References1
OSV
OSV
added 2017/11/30 2:29 a.m.4 views

CVE-2017-14197

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...

6.1CVSS5.8AI score0.00602EPSS
Exploits0References1
OSV
OSV
added 2017/11/30 2:29 a.m.7 views

CVE-2017-14198

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution RCE via a maliciously crafted timeformat tag...

8.8CVSS5.9AI score0.01769EPSS
Exploits0References1
Prion
Prion
added 2017/11/30 2:29 a.m.13 views

Cross site scripting

An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...

4.3CVSS6AI score0.00602EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/11/30 2:29 a.m.9 views

Path traversal

An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...

5CVSS7.2AI score0.02193EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder