Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf...
6.1CVSS
7.3AI Score
0.0005EPSS
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host:...
6.8AI Score
0.001EPSS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete...
4.5CVSS
4.7AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or...
5.4CVSS
5.3AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious...
6.1CVSS
5.9AI Score
0.001EPSS
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin...
8.8CVSS
8.6AI Score
0.004EPSS
4.8CVSS
4.8AI Score
0.001EPSS
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has...
9.8CVSS
9.2AI Score
0.065EPSS
6.1CVSS
6.1AI Score
0.001EPSS
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a...
7.9AI Score
0.006EPSS