Subrion Security Vulnerabilities and Issues — Subrion CVE List

Lucene search

IntelliantsSubrion

4 matches found

CVE•added 2020/05/15 6:15 p.m.•94 views

CVE-2019-20390

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a G...

8.1CVSS8AI score0.00247EPSS

CVE•added 2020/03/17 3:15 p.m.•55 views

CVE-2018-21037

Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.

8.8CVSS8.8AI score0.00177EPSS

CVE•added 2023/11/03 1:15 p.m.•43 views

CVE-2023-46947

Subrion 4.2.1 has a remote command execution vulnerability in the backend.

8.8CVSS8.7AI score0.01861EPSS

CVE•added 2017/10/06 7:29 a.m.•39 views

CVE-2017-15063

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.

8.8CVSS8.8AI score0.00133EPSS