CVE-2024-25400

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not pr...

CVE-2020-18155

SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.

CVE-2017-5543

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.