includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
9.8CVSS
9.5AI Score
0.003EPSS
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
9.8CVSS
9.8AI Score
0.002EPSS