Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2025/02/05 10:46 p.m.9 views

CVE-2022-36068

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in...

7.2CVSS6.5AI score0.00355EPSS
Exploits0
OSV
OSVadded 2022/04/05 3:15 p.m.2 views

CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...

7.2CVSS7.2AI score
Exploits0References2
NVD
NVDadded 2022/04/05 3:15 p.m.10 views

CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...

7.2CVSS0.10493EPSS
Exploits4References2
Prion
Prionadded 2022/04/05 3:15 p.m.14 views

Code injection

DISPUTED SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to...

6.5CVSS7.2AI score0.10493EPSS
Exploits4References2Affected Software1
Cvelist
Cvelistadded 2022/04/05 12:0 a.m.14 views

CVE-2022-26982

SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify theme...

7.4AI score0.10493EPSS
Exploits4References2
CVE
CVEadded 2022/04/05 12:0 a.m.91 views

CVE-2022-26982

CVE-2022-26982 affects SimpleMachinesForum versions 2.1.1 and earlier. Affected scenario: remote authenticated administrators can execute arbitrary PHP code by inserting vulnerable PHP code through theme modification (e.g., via Admin.template.php) because themes can be altered by an administrator...

7.2CVSS7.2AI score0.10493EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDBadded 2020/01/08 12:0 a.m.14 views

Minimal Coming Soon & Maintenance Mode < 2.17 - Insecure permissions: Export Settings/Theme Change

There was a flaw that would allow any user logged in as a subscriber or above to export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site. PoC Login with subscriber or above permissions and send the following request to export the plugin settings:...

5.5CVSS1.1AI score0.00412EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder