CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

293 matches found

RedhatCVE•added 2026/03/27 2:24 p.m.•11 views

CVE-2021-27672

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

4.9CVSS7.8AI score0.01327EPSS

Exploits1References1

GithubExploit•added 2026/02/19 6:19 a.m.•198 views

Exploit for Path Traversal in Welcart Welcart_E-Commerce

Zenario CMS 9.3 - Unauthenticated RCE Exploit CVE-2022-418...

9.8CVSS6.7AI score0.05116EPSS

Exploits2

RedhatCVE•added 2026/01/09 11:29 a.m.•5 views

CVE-2021-27673

Cross Site Scripting XSS in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component...

4.8CVSS6.7AI score0.01089EPSS

Exploits4References1

RedhatCVE•added 2026/01/09 10:54 a.m.•6 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS6.9AI score0.01436EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:36 a.m.•4 views

CVE-2024-34460

The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. This component was removed in 9.5.60602...

6.5CVSS6.8AI score0.00551EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:35 a.m.•6 views

CVE-2024-34461

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator...

9.8CVSS7.4AI score0.00954EPSS

Exploits0References1