64 matches found
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
CVE-2019-19374
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
Remote code execution
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
Information disclosure
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
CVE-2019-19374
An issue was discovered in core/assets/form/formquestiontypes/formquestiontypefileupload/formquestiontypefileupload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server...
CVE-2019-19374
CVE-2019-19374 affects Squiz Matrix CMS 5.5.x: core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc allows a user to delete arbitrary files from the server during interaction with the File Upload field in a custom form, and exposes the full path t...
CVE-2019-19373
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...
CVE-2019-19373
Squiz Matrix CMS is affected by CVE-2019-19373 across multiple 5.5.x releases: 5.5.0 before 5.5.0.3, 5.5.1 before 5.5.1.8, 5.5.2 before 5.5.2.4, and 5.5.3 before 5.5.3.3. The vulnerability arises from arbitrary PHP object deserialization in the Remote Content page type when processing the package...
Squiz Matrix File Bridge Plugin Path Traversal Vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia.File Bridge plugin is a file bridging plugin used in... A path traversal vulnerability exists in the File Bridge plugin in Squiz Matrix versions 5.3 through 5.3.6.1 and 5.4.1.3. An attacker could use this vulnerability t...
Squiz Matrix Matrix WYSIWYG plugin cross-site scripting vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia.Matrix WYSIWYG plugins is a WYSIWYG editor plugin used in it. A cross-site scripting vulnerability exists in the Matrix WYSIWYG plugin in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remo...
Squiz Matrixa Remote Code Execution Vulnerability
Squiz Matrix is an enterprise content management system from Squiz Australia. A remote code execution vulnerability exists in Squiz Matrix versions prior to 5.3.6.1 and 5.4.x versions prior to 5.4.1.3. A remote attacker can exploit the vulnerability to execute code with the help of a maliciously...
CVE-2017-14196
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...
CVE-2017-14198
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution RCE via a maliciously crafted timeformat tag...
CVE-2017-14196
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...
CVE-2017-14197
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...
CVE-2017-14197
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...
CVE-2017-14198
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution RCE via a maliciously crafted timeformat tag...
Cross site scripting
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting XSS issues in Matrix WYSIWYG plugins...
Path traversal
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed...