Lucene search
K

9 matches found

CVE
CVE
added 2022/03/24 5:5 p.m.115 views

CVE-2022-0153

Fork CMS contains a SQL injection vulnerability in versions prior to 5.11.1. The issue occurs when deleting submissions that belong to a form created with the FormBuilder module, where the id[] parameter is vulnerable to SQL injection. The CVE-2022-0153 entry is corroborated by multiple sources (...

9.6CVSS8AI score0.01111EPSS
CVE
CVE
added 2022/03/25 11:35 a.m.115 views

CVE-2022-1064

Fork CMS (forkcms/forkcms) is affected by SQL injection in versions prior to 5.11.1, via the ids parameter in blog comments where bulk marking as spam enables injection. The root cause is lack of validation of externally entered SQL statements in that parameter. Consequences stated include potent...

9CVSS9.1AI score0.01134EPSS
CVE
CVE
added 2020/02/08 4:3 p.m.104 views

CVE-2014-9470

Fork CMS prior to 3.8.4 is affected by a cross-site scripting (XSS) vulnerability in the loadForm() function (Frontend/Modules/Search/Actions/Index.php) where the q_widget parameter to /en/search can inject arbitrary script/HTML. The issue arises from insufficient input filtering and is exploitab...

6.1CVSS6AI score0.01421EPSS
Web
CVE
CVE
added 2022/03/24 10:35 a.m.97 views

CVE-2022-0145

Fork CMS (forkcms/forkcms) prior to version 5.11.1 is affected by a stored XSS vulnerability. The flaw allows an attacker to inject and have JavaScript execute when a new module is uploaded, via the module description field, with exploitation tied to viewing the Details page after upload. Impact ...

6.8CVSS5.3AI score0.00671EPSS
CVE
CVE
added 2021/03/04 12:28 p.m.74 views

CVE-2020-24036

ForkCMS prior to version 5.8.3 is affected by PHP object injection via the backend Ajax endpoint. The vulnerability allows an authenticated remote user to inject PHP objects through unserialize calls in the Ajax handlers, enabling remote code execution. The issue is specific to ForkCMS’s backend ...

8.8CVSS8.8AI score0.02935EPSS
CVE
CVE
added 2021/05/06 9:46 p.m.71 views

CVE-2020-23264

CVE-2020-23264 is a CSRF vulnerability in the Fork-CMS platform, affecting versions before 5.8.2 . The issue allows remote attackers to hijack the authentication of logged-in administrators. The provided documents specify the vulnerability but do not include a concrete root-cause analysis or expl...

8.8CVSS8.9AI score0.00629EPSS
CVE
CVE
added 2021/01/11 3:54 p.m.70 views

CVE-2020-23960

CVE-2020-23960 is documented across multiple connected records as a set of multiple CSRF vulnerabilities in the ForkCMS Admin Console prior to version 5.8.3. The issues allow remote attackers to perform unauthorized administrator actions such as approving large user comment queues, restoring dele...

8.8CVSS8.8AI score0.00676EPSS
CVE
CVE
added 2019/08/26 12:11 p.m.49 views

CVE-2019-15521

CVE-2019-15521 affects Spoon Library up to 2014-02-06 as used in Fork CMS before 1.4.1 and other products. The vulnerability enables PHP object injection via a cookie containing a serialized object, allowing code execution under deserialization in spoon/cookie/cookie.php. Public sources (Red Hat,...

9.8CVSS9.6AI score0.02482EPSS
CVE
CVE
added 2020/05/27 3:4 p.m.45 views

CVE-2020-13633

Fork CMS prior to version 5.8.3 is vulnerable to cross-site scripting (XSS) due to insufficient escaping of user-supplied values in navigation_title and pageTitle (createHtml()). The vulnerability allows injection of malicious scripts through these fields, with the impact described as XSS in mult...

6.1CVSS5.9AI score0.00679EPSS