36 matches found
CVE-2024-25399
Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php. The underlying issue is inadequate input sanitization in the adminer.php script, enabling injection of malicious scripts that could be rendered in pages viewed by other users. No exploitation details are provided in th...
CVE-2018-19422
CVE-2018-19422 affects Subrion CMS 4.2.1. The root cause is that .htaccess omits .pht and .phar from the blacklist, allowing uploaded files of these types in /panel/uploads to be executed as PHP, enabling remote code execution. Public advisories, Exploit-DB entries, and Metasploit module descript...
CVE-2020-35437
Subrion CMS 4.2.1 is affected by a Cross-Site Scripting (XSS) flaw via the avatar[path] parameter in a POST to the /_core/profile/ URI. The vulnerability stems from unsanitized input in avatar[path], enabling script injection. Public exploit reports describe a stored XSS; however, the provided do...
CVE-2021-43464
Subrion CMS 4.2.1 is affected by a remote code execution (RCE) vulnerability caused by modified code in a background field, where edited data is executed via eval(). The issue, documented in multiple sources, indicates that user-supplied changes can lead to arbitrary code execution. The connecte...
CVE-2020-22392
CVE-2020-22392 corresponds to a Cross Site Scripting (XSS) vulnerability in Subrion CMS 4.2.2, specifically exposed when adding a blog and then editing an image file. The connected documents confirm the affected product/version and the vulnerable action, but do not provide technical details about...
CVE-2017-11444
Subrion CMS prior to 4.1.5.10 contains a SQL injection vulnerability in /front/search.php exploitable via the $_GET array. The issue is confirmed by the Nuclei template and related CVE details, which describe arbitrary SQL execution with the GET parameters and highlight the impact as high/critica...
CVE-2021-41502
Subrion CMS v4.2.1 contains a stored XSS vulnerability. The flaw allows injecting malicious JavaScript by altering the name of an uploaded image, closing an HTML tag, or adding an onerror attribute, enabling script execution. Connected documents confirm the same issue across multiple feeds (inclu...
CVE-2022-43121
Subrion CMS v4.2.1 has an XSS in the CMS Field Add page, allowing arbitrary script/HTML via the tooltip text field. Root cause cited as insufficient sanitization in admin-controllable input (notably in fields.php: _assignValues). CVSS 3.1 base score 6.1 (NETWORK, LOW attack complexity, USER inter...
CVE-2022-43120
Consolidated details across multiple sources confirm a cross-site scripting (XSS) vulnerability in Subrion CMS v4.2.1, specifically in the /panel/fields/add component. The vulnerability allows an attacker to inject and execute arbitrary web scripts or HTML via a crafted payload placed into the Fi...
CVE-2020-18324
Subrion CMS 4.2.1 is affected by a Cross Site Scripting (XSS) vulnerability exploitable via the q parameter in the Kickstart template. The initial document and connected entries consistently identify Subrion CMS 4.2.1 and the Kickstart template q parameter as the source of the vulnerability; no e...
CVE-2020-18325
Subrion CMS 4.2.1 is affected by a cross-site scripting (XSS) vulnerability in the Configuration panel. The CVE description indicates multiple XSS cases exist in this area; the root cause details are not provided in the documents. Impact is described as XSS, but explicit exploit vectors, affected...
CVE-2021-43724
Subrion CMS
CVE-2022-37059
CVE-2022-37059 is an XSS vulnerability in the Admin Panel of Subrion CMS 4.2.1, allowing an attacker to inject arbitrary code through the Login Field. The issue is consistently described across Red Hat, CVE listings, and security advisories as a cross-site scripting flaw in Subrion CMS 4.2.1 with...
CVE-2020-18326
The CVE-2020-18326 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in Subrion CMS (Intelliants) v4.2.1. The flaw, exploitable via the Members administrator function, could allow a remote, unauthenticated attacker to trigger an authorized request that creates an arbitrary adminis...
CVE-2019-11406
CVE-2019-11406 affects Subrion CMS 4.2.1. The vulnerability is a Cross‑Site Scripting (XSS) in the _core/en/contacts/ path, exploitable via the name, email, or phone parameter in the contacts page. According to the records, exploitation requires user interaction (UI: REQUIRED) per CVSS3; base sco...
CVE-2018-16629
CVE-2018-16629 describes an XSS vulnerability in Subrion CMS v4.2.1, triggered by an SVG file containing JavaScript in a SCRIPT element uploaded to the path panel/uploads/#elf_l1_XA. The core issue is an SVG handling path that allows script execution, enabling potential arbitrary code execution w...
CVE-2018-16631
Subrion CMS v4.2.1 contains a cross-site scripting flaw exploitable via the panel/configuration/general Site Title parameter. The underlying issue is an XSS vulnerability that could let an attacker inject arbitrary JavaScript into a victim’s browser, potentially compromising sessions or performin...
CVE-2017-6013
Subrion CMS 4.0.5.10 is affected by an SQL injection in the admin/database/ URI via the query parameter. The vulnerability enables arbitrary SQL execution (impact: confidentiality, integrity, and availability can be affected). Documented in NVD/CNVD entries for CVE-2017-6013; no patch/version rem...
CVE-2012-4772
Subrion CMS prior to 2.2.3 contains a SQL Injection in the /register/ path (parameter plan_id) that allows remote attackers to alter SQL queries and potentially compromise the system. The vulnerability (CVE-2012-4772) is described in multiple sources as a classic injection through the plan_id fie...
CVE-2012-4771
Subrion CMS
CVE-2023-43875
Subrion CMS 4.2.1 is affected by multiple XSS vulnerabilities. The issue arises from insufficient sanitization in installation-related fields (dbhost, dbname, dbuser, adminusername, adminemail), enabling a local attacker to inject and execute arbitrary web scripts. Primary details come from CVE-2...
CVE-2012-4773
Subrion CMS before 2.2.3 contains multiple vulnerabilities: CVE-2012-4771 (XSS), CVE-2012-4772 (SQLi), and CVE-2012-4773 (CSRF) that can enable an attacker to hijack administrator sessions, perform unauthorized actions (including creating an admin account via /admin/accounts/add/), and modify sen...
CVE-2012-5452
CVE-2012-5452 affects Subrion CMS 2.2.1, with multiple XSS vectors exploitable via parameters across blocks/add, plans/add, fields/group/add (admin/manage), and advsearch. The root cause is improper input handling that allows injection of arbitrary scripts/HTML into user-visible fields (e.g., mul...
CVE-2011-5211
The CVE-2011-5211 entry is an XSS vulnerability in the Subrion CMS poll module (version 2.0.4) where an attacker could inject arbitrary script/HTML via the title field. The connected documents corroborate related XSS issues in Subrion CMS (e.g., CVE-2012-5452) affecting later versions (2.2.x) and...
CVE-2011-5212
The vulnerability CVE-2011-5212 affects Subrion CMS 2.0.4, specifically an SQL injection in admin/index.php that allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields. The issue arises from improper handling of user-supplied input in the login form,...
CVE-2017-18366
CVE-2017-18366 relates to Subrion CMS 4.1.5 and is a CSRF in the blog/delete/ action. The Red Hat and GitHub advisory records corroborate a CSRF vulnerability in Subrion CMS 4.1.5 and note mitigations have been applied in a newer release. The issue originates from insufficient CSRF protections, e...
CVE-2017-6002
Subrion CMS 4.0.5.10 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in admin/blog/add/. An attacker can exploit CSRF to add arbitrary blog entries and may inject XSS into the created entry via the body parameter. The vulnerability is documented in multiple sources (e.g., CNVD-20...
CVE-2017-6068
Subrion CMS 4.0.5 is affected by a CSRF flaw in admin/blocks/add/ that allows an attacker to create blocks and potentially inject XSS through the content parameter. The root cause is a CSRF vulnerability in the block-creation endpoint; exploitation details and whether an in-the-wild exploit exist...
CVE-2017-6069
Subrion CMS 4.0.5 is affected by CVE-2017-6069: CSRF in admin/blog/add/ can let an attacker add arbitrary tags and may allow XSS via the tags parameter. Connected records also describe a separate XSS vulnerability (via the blog/add/ body) that is a different issue from CVE-2017-6069. The CVE desc...
CVE-2017-6066
Subrion CMS 4.0.5 has a CSRF vulnerability in the admin/languages/edit/1/ endpoint. An attacker can perform any Edit Language action and may inject XSS via the title parameter. This issue is consistently described across multiple sources (NVD/CNVD/OSV) with the same details. No remediation steps ...
CVE-2019-7357
Subrion CMS 4.2.1 is vulnerable to CSRF in panel/modules/plugins/, enabling an attacker to remotely activate/deactivate plugins on an authenticated session. Root cause: CSRF in the plugins module. Impact: manipulation of plugins; no public fix version or remediation details are provided in the su...
CVE-2017-11445
CVE-2017-11445 affects Subrion CMS prior to 4.1.6. The vulnerability is a SQL injection in the file /front/actions.php reachable via the POST data ($_POST), caused by insufficient input handling in Subrion CMS. Reported across multiple sources (CNVD, NVD, OSV, Veracode) with the root cause descri...
CVE-2021-41947
CVE-2021-41947 involves a SQL injection in Subrion CMS v4.2.1’s visual-mode. Multiple sources (NVD/NVD-derived entries, CNVD, Red Hat, Veracode, CVE listings) attribute the issue to the visual.php path used by the jsonAction function, enabling a malicious user to obtain sensitive database informa...
CVE-2015-4129
CVE-2015-4129 is a SQL injection vulnerability in Subrion CMS prior to 3.3.3. The issue arises from processing modified serialized data in a salt cookie, allowing remote authenticated users to execute arbitrary SQL commands. Affected software: Subrion CMS; vulnerable component: cookie serializati...
CVE-2025-56556
Subrion CMS 4.2.1 is affected. The issue arises from the Run SQL Query tool in the SQL Tool admin panel, where authenticated administrators or moderators can gain escalated privileges due to insufficient privilege checks in the SQL query context. The vulnerability affects the Run SQL Query functi...
CVE-2025-70958
Subrion CMS v4.2.1 installation module is affected by multiple reflected XSS vulnerabilities. The issue allows an attacker to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into the dbuser, dbpwd, or dbname parameters during installation. The CVE de...