9 matches found
CVE-2022-0153
Fork CMS contains a SQL injection vulnerability in versions prior to 5.11.1. The issue occurs when deleting submissions that belong to a form created with the FormBuilder module, where the id[] parameter is vulnerable to SQL injection. The CVE-2022-0153 entry is corroborated by multiple sources (...
CVE-2022-1064
Fork CMS (forkcms/forkcms) is affected by SQL injection in versions prior to 5.11.1, via the ids parameter in blog comments where bulk marking as spam enables injection. The root cause is lack of validation of externally entered SQL statements in that parameter. Consequences stated include potent...
CVE-2014-9470
Fork CMS prior to 3.8.4 is affected by a cross-site scripting (XSS) vulnerability in the loadForm() function (Frontend/Modules/Search/Actions/Index.php) where the q_widget parameter to /en/search can inject arbitrary script/HTML. The issue arises from insufficient input filtering and is exploitab...
CVE-2022-0145
Fork CMS (forkcms/forkcms) prior to version 5.11.1 is affected by a stored XSS vulnerability. The flaw allows an attacker to inject and have JavaScript execute when a new module is uploaded, via the module description field, with exploitation tied to viewing the Details page after upload. Impact ...
CVE-2020-24036
ForkCMS prior to version 5.8.3 is affected by PHP object injection via the backend Ajax endpoint. The vulnerability allows an authenticated remote user to inject PHP objects through unserialize calls in the Ajax handlers, enabling remote code execution. The issue is specific to ForkCMS’s backend ...
CVE-2020-23264
CVE-2020-23264 is a CSRF vulnerability in the Fork-CMS platform, affecting versions before 5.8.2 . The issue allows remote attackers to hijack the authentication of logged-in administrators. The provided documents specify the vulnerability but do not include a concrete root-cause analysis or expl...
CVE-2020-23960
CVE-2020-23960 is documented across multiple connected records as a set of multiple CSRF vulnerabilities in the ForkCMS Admin Console prior to version 5.8.3. The issues allow remote attackers to perform unauthorized administrator actions such as approving large user comment queues, restoring dele...
CVE-2019-15521
CVE-2019-15521 affects Spoon Library up to 2014-02-06 as used in Fork CMS before 1.4.1 and other products. The vulnerability enables PHP object injection via a cookie containing a serialized object, allowing code execution under deserialization in spoon/cookie/cookie.php. Public sources (Red Hat,...
CVE-2020-13633
Fork CMS prior to version 5.8.3 is vulnerable to cross-site scripting (XSS) due to insufficient escaping of user-supplied values in navigation_title and pageTitle (createHtml()). The vulnerability allows injection of malicious scripts through these fields, with the impact described as XSS in mult...