Lucene search
K
Foru Cms ProjectForu Cms

7 matches found

CVE
CVE
added 2024/01/11 8:0 p.m.61 views

CVE-2024-0425

ForU CMS (versions up to 2020-06-23) contains a vulnerability in /admin/index.php?act=reset_admin_psw that enables weak password recovery. The issue can be exploited remotely, and public disclosures exist. Several sources identify this as critical with remote access and potential impact to authen...

7.5CVSS7.7AI score0.00742EPSS
Web
CVE
CVE
added 2023/09/27 1:31 p.m.59 views

CVE-2023-5221

ForU CMS contains a code injection vulnerability in /install/index.php via manipulation of the db_name argument. The issue allows remote code execution and has been publicly disclosed. Impact is tied to confidentiality, integrity, and availability at HIGH/CRITICAL levels per CVE-2023-5221, with m...

9.8CVSS6.3AI score0.013EPSS
Web
CVE
CVE
added 2024/01/11 9:0 p.m.54 views

CVE-2024-0426

CVE-2024-0426 affects ForU CMS older releases (up to 2020-06-23) via SQL injection in admin/cms_template.php by manipulating t_name/t_path. The issue enables remote exploitation with HIGH impact on confidentiality, integrity, and availability; the exploit has been disclosed publicly. Connected so...

9.8CVSS9.7AI score0.00657EPSS
Web
CVE
CVE
added 2022/11/11 12:0 a.m.48 views

CVE-2022-3943

CVE-2022-3943 ForU CMS involves a cross-site scripting vulnerability in the file cms_chip.php, caused by manipulation of the name/argument parameter. The issue is exploitable remotely and has been publicly disclosed (VDB-213450). Across connected sources, affected is an unknown function in cms_ch...

5.4CVSS4.4AI score0.00344EPSS
CVE
CVE
added 2023/09/29 11:31 a.m.41 views

CVE-2023-5259

CVE-2023-5259 affects ForU CMS. The vulnerability is in /admin/cms_admin.php where manipulating the del parameter can cause a remote denial-of-service. The Red Hat entry confirms the same description. No version details or specific patch information are provided; the rolling-release nature of the...

4.9CVSS4.4AI score0.00979EPSS
Web
CVE
CVE
added 2024/01/19 6:31 p.m.36 views

CVE-2024-0729

CVE-2024-0729 pertains to ForU CMS, where the vulnerability exists in the file cms_admin.php and is triggered by manipulating the parameter a_name to cause a SQL injection. Affected versions are listed as up to 2020-06-23. The exploitation vector is not fully specified in the provided documents, ...

9.8CVSS9.7AI score0.00591EPSS
CVE
CVE
added 2024/01/19 6:31 p.m.29 views

CVE-2024-0728

ForU CMS (up to 2020-06-23) contains a file inclusion vulnerability in channel.php triggered by manipulating the c_cmodel parameter. This affects an unknown functionality within channel.php and can be exploited remotely; the exploit has been disclosed publicly (VDB-251551). Several sources (NVD, ...

9.8CVSS9.5AI score0.0073EPSS