Pligg / Pligg Cms

43 matches found

added 2009/08/26 2:24 p.m., 187 views

CVE-2008-7090

Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.

CVSS 7.8 | AI score 7.1 | EPSS 0.10831

added 2023/07/25 8:15 p.m., 123 views

CVE-2023-37677

Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.

CVSS 9.8 | AI score 9.8 | EPSS 0.01289

added 2010/04/21 2:30 p.m., 77 views

CVE-2009-4786

Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7...

CVSS 4.3 | AI score 5.7 | EPSS 0.00322

added 2008/12/26 6:30 p.m., 72 views

CVE-2008-5739

SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.

CVSS 7.5 | AI score 8.4 | EPSS 0.00149

added 2008/07/30 5:41 p.m., 58 views

CVE-2008-3366

SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.

CVSS 7.5 | AI score 8.4 | EPSS 0.00323

added 2022/08/02 3:15 a.m., 57 views

CVE-2022-34956

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.

CVSS 9.8 | AI score 9.8 | EPSS 0.00084

added 2010/04/21 2:30 p.m., 52 views

CVE-2009-4788

Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php.

CVSS 4.3 | AI score 6.8 | EPSS 0.00253

added 2010/08/16 5:12 p.m., 52 views

CVE-2010-2577

Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php.

CVSS 7.5 | AI score 8.6 | EPSS 0.00706

added 2022/08/02 3:15 a.m., 52 views

CVE-2022-34955

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.

CVSS 9.8 | AI score 9.8 | EPSS 0.00084

added 2010/04/21 2:30 p.m., 51 views

CVE-2009-4787

Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact.

CVSS 6.8 | AI score 7.6 | EPSS 0.00126

added 2015/08/31 7:59 p.m., 51 views

CVE-2015-6655

Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.

CVSS 6.8 | AI score 7 | EPSS 0.00219

added 2024/08/20 2:15 p.m., 46 views

CVE-2024-42608

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.

CVSS 8.8 | AI score 7.2 | EPSS 0.00071

added 2012/05/27 8:55 p.m., 44 views

CVE-2012-2435

Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.

CVSS 6.5 | AI score 7 | EPSS 0.0072

added 2012/05/27 8:55 p.m., 44 views

CVE-2012-2436

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (...

CVSS 4.3 | AI score 5.8 | EPSS 0.0371

added 2024/08/20 3:15 p.m., 44 views

CVE-2024-42613

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2024/08/20 3:15 p.m., 43 views

CVE-2024-42605

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1

CVSS 8.8 | AI score 7.6 | EPSS 0.00068

added 2024/08/20 6:15 p.m., 43 views

CVE-2024-42612

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add

CVSS 8.8 | AI score 7.6 | EPSS 0.00073

added 2024/08/20 3:15 p.m., 42 views

CVE-2024-42604

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2024/08/20 3:15 p.m., 41 views

CVE-2024-42606

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1

CVSS 8.8 | AI score 7.6 | EPSS 0.00064

added 2024/08/20 3:15 p.m., 40 views

CVE-2024-42611

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2024/08/20 3:15 p.m., 40 views

CVE-2024-42616

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2024/08/20 3:15 p.m., 40 views

CVE-2024-42617

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2009/08/26 2:24 p.m., 39 views

CVE-2008-7091

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTi...

CVSS 7.5 | AI score 8.8 | EPSS 0.04999

added 2024/08/20 3:15 p.m., 39 views

CVE-2024-42609

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars

CVSS 8.8 | AI score 7.6 | EPSS 0.00068

added 2024/08/20 3:15 p.m., 38 views

CVE-2024-42618

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2024/08/20 7:15 p.m., 38 views

CVE-2024-42619

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com

CVSS 8.8 | AI score 7.6 | EPSS 0.00073

added 2009/08/26 2:24 p.m., 37 views

CVE-2008-7089

Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.

CVSS 4.3 | AI score 5.8 | EPSS 0.03519

added 2010/08/16 5:12 p.m., 37 views

CVE-2010-3013

SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577.

CVSS 7.5 | AI score 8.5 | EPSS 0.00706

added 2024/08/20 3:15 p.m., 37 views

CVE-2024-42621

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2009/08/13 4:30 p.m., 36 views

CVE-2008-6968

Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

CVSS 7.5 | AI score 8.8 | EPSS 0.00128

added 2011/11/03 5:55 p.m., 35 views

CVE-2011-3986

Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 4.3 | AI score 5.7 | EPSS 0.00318

added 2012/05/27 8:55 p.m., 35 views

CVE-2012-2936

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00545

added 2014/11/26 3:59 p.m., 35 views

CVE-2014-9096

Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.

CVSS 7.5 | AI score 8.8 | EPSS 0.01328

added 2024/08/20 3:15 p.m., 35 views

CVE-2024-42603

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall

CVSS 8.8 | AI score 7.6 | EPSS 0.00064

added 2024/08/20 3:15 p.m., 35 views

CVE-2024-42607

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2024/08/20 3:15 p.m., 34 views

CVE-2024-42610

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files

CVSS 8.8 | AI score 7.6 | EPSS 0.00071

added 2011/12/29 11:55 a.m., 32 views

CVE-2011-5022

SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.

CVSS 7.5 | AI score 8.7 | EPSS 0.0021

added 2011/12/29 11:55 a.m., 32 views

CVE-2011-5023

Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.

CVSS 4.3 | AI score 5.8 | EPSS 0.00404

added 2007/10/18 10:17 p.m., 31 views

CVE-2007-5579

login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.

CVSS 7.5 | AI score 7 | EPSS 0.02682

added 2008/08/10 8:41 p.m., 29 views

CVE-2008-3572

Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter.

CVSS 4.3 | AI score 5.7 | EPSS 0.00329

added 2011/09/24 12:55 a.m., 28 views

CVE-2011-3794

Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/init.php and certain other files.

CVSS 5 | AI score 6.3 | EPSS 0.00283

added 2012/05/27 8:55 p.m., 28 views

CVE-2012-2937

Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin...

CVSS 7.5 | AI score 8.8 | EPSS 0.01045

added 2008/04/14 4:5 p.m., 27 views

CVE-2008-1774

SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS 7.5 | AI score 8.3 | EPSS 0.00323