Pligg Cms@1.1.2 Security Vulnerabilities and Issues — Pligg Cms@1.1.2 CVE List

Lucene search

PliggPligg Cms1.1.2

5 matches found

CVE•added 2012/05/27 8:55 p.m.•44 views

CVE-2012-2435

Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.

6.5CVSS7AI score0.0072EPSS

CVE•added 2012/05/27 8:55 p.m.•44 views

CVE-2012-2436

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (...

4.3CVSS5.8AI score0.0371EPSS

CVE•added 2012/05/27 8:55 p.m.•35 views

CVE-2012-2936

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to ...

4.3CVSS5.8AI score0.00545EPSS

CVE•added 2011/12/29 11:55 a.m.•32 views

CVE-2011-5022

SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.

7.5CVSS8.7AI score0.0021EPSS

CVE•added 2012/05/27 8:55 p.m.•28 views

CVE-2012-2937

Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin...

7.5CVSS8.8AI score0.01045EPSS