3 matches found
CVE-2015-1058
CVE-2015-1058 affects AdaptCMS 3.0.3. The connected sources describe multiple cross-site scripting (XSS) vulnerabilities, allowing injection of arbitrary script/HTML via several fields (e.g., data[Category][title] in admin/categories/add, data[Field][title] in admin/fields/ajax_fields/, name in b...
CVE-2015-1059
CVE-2015-1059 affects AdaptCMS 3.0.3 and is an unrestricted file upload vulnerability in admin/files/add that permits authenticated users to upload PHP scripts and execute arbitrary code by requesting the uploaded file from /app/webroot/uploads. The root cause is improper verification of uploaded...
CVE-2015-1060
CVE-2015-1060 affects AdaptCMS 3.0.3, specifically the file lib/Cake/Controller/Controller.php. The vulnerability is an open redirect caused by using the URL from the HTTP Referer header to redirect users, enabling remote attackers to guide victims to arbitrary sites and potentially conduct phish...