Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Popojicms Security Vulnerabilities

cve
cve

CVE-2018-18934

An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.

9.8CVSS

9.5AI Score

0.003EPSS

2018-11-05 09:29 AM
17
cve
cve

CVE-2018-18935

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.

8.8CVSS

8.6AI Score

0.001EPSS

2018-11-05 09:29 AM
15
cve
cve

CVE-2018-18936

An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter.

7.5CVSS

7.5AI Score

0.002EPSS

2018-11-05 09:29 AM
16
cve
cve

CVE-2019-18815

PopojiCMS 2.0.1 allows refer= Open Redirection.

6.1CVSS

6.2AI Score

0.001EPSS

2019-11-07 05:15 PM
67
cve
cve

CVE-2019-18816

po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.

6.1CVSS

6.2AI Score

0.001EPSS

2019-11-07 05:15 PM
151
cve
cve

CVE-2019-9549

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.

8.8CVSS

8.6AI Score

0.001EPSS

2019-03-03 07:29 PM
17
cve
cve

CVE-2020-18065

Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu.

5.4CVSS

5.2AI Score

0.001EPSS

2021-08-25 08:15 PM
19
2
cve
cve

CVE-2020-19547

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php.

6.5CVSS

6.4AI Score

0.001EPSS

2021-08-25 08:15 PM
23
2
cve
cve

CVE-2020-21356

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.

5.3CVSS

4.9AI Score

0.001EPSS

2021-08-06 11:15 PM
61
4
cve
cve

CVE-2020-21357

A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field.

6.1CVSS

5.9AI Score

0.001EPSS

2021-08-06 11:15 PM
56
4
cve
cve

CVE-2021-28070

Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete.

4.3CVSS

4.7AI Score

0.001EPSS

2021-08-25 08:15 PM
14
cve
cve

CVE-2022-47766

PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.

8.8CVSS

8.6AI Score

0.001EPSS

2023-01-19 07:15 PM
14
cve
cve

CVE-2023-50011

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.

7.2CVSS

7.1AI Score

0.003EPSS

2023-12-14 03:15 PM
5
cve
cve

CVE-2023-5910

A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input <script>alert(1)</script> leads to cross site scripting....

6.1CVSS

5.9AI Score

0.001EPSS

2023-11-02 12:15 AM
28