Lucene search

Pligg, Pligg Cms

12 matches found

added 2009/08/26 2:24 p.m. | 187 views

CVE-2008-7090

Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.

7.8 CVSS | 7.1 AI score | 0.10831 EPSS
added 2008/12/26 6:30 p.m. | 72 views

CVE-2008-5739

SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.

7.5 CVSS | 8.4 AI score | 0.00149 EPSS
added 2008/07/30 5:41 p.m. | 58 views

CVE-2008-3366

SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.

7.5 CVSS | 8.4 AI score | 0.00323 EPSS
added 2010/08/16 5:12 p.m. | 52 views

CVE-2010-2577

Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php.

7.5 CVSS | 8.6 AI score | 0.00706 EPSS
added 2009/08/26 2:24 p.m. | 39 views

CVE-2008-7091

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTi...

7.5 CVSS | 8.8 AI score | 0.04999 EPSS
added 2010/08/16 5:12 p.m. | 37 views

CVE-2010-3013

SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577.

7.5 CVSS | 8.5 AI score | 0.00706 EPSS
added 2009/08/13 4:30 p.m. | 36 views

CVE-2008-6968

Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

7.5 CVSS | 8.8 AI score | 0.00128 EPSS
added 2014/11/26 3:59 p.m. | 35 views

CVE-2014-9096

Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.

7.5 CVSS | 8.8 AI score | 0.01328 EPSS
added 2011/12/29 11:55 a.m. | 32 views

CVE-2011-5022

SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.

7.5 CVSS | 8.7 AI score | 0.0021 EPSS
added 2007/10/18 10:17 p.m. | 31 views

CVE-2007-5579

login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.

7.5 CVSS | 7 AI score | 0.02682 EPSS
added 2012/05/27 8:55 p.m. | 28 views

CVE-2012-2937

Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin...

7.5 CVSS | 8.8 AI score | 0.01045 EPSS
added 2008/04/14 4:5 p.m. | 27 views

CVE-2008-1774

SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5 CVSS | 8.3 AI score | 0.00323 EPSS