6 matches found
CVE-2022-32277
Affected product: Squiz Matrix CMS 6.20. Vulnerability: Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details. Impact (as stated): Confidentiality: None; Integrity: Low; Availability: None. Root cause / ...
CVE-2019-19373
Squiz Matrix CMS is affected by CVE-2019-19373 across multiple 5.5.x releases: 5.5.0 before 5.5.0.3, 5.5.1 before 5.5.1.8, 5.5.2 before 5.5.2.4, and 5.5.3 before 5.5.3.3. The vulnerability arises from arbitrary PHP object deserialization in the Remote Content page type when processing the package...
CVE-2019-19374
CVE-2019-19374 affects Squiz Matrix CMS 5.5.x: core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc allows a user to delete arbitrary files from the server during interaction with the File Upload field in a custom form, and exposes the full path t...
CVE-2017-14198
Summary: CVE-2017-14198 affects Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. The connected CNVD/NVD entries corroborate the affected versions an...
CVE-2017-14196
Summary: CVE-2017-14196 is a path traversal information-disclosure vulnerability in Squiz Matrix, affecting the File Bridge plugin. Affected versions: 5.3 through 5.3.6.1 and 5.4.1.3. Root cause/impact: a path traversal flaw allows an attacker to confirm the existence of files outside the bridged...
CVE-2017-14197
The Squiz Matrix WYSIWYG plugin is affected by multiple reflected XSS issues. Affected: Matrix WYSIWYG plugins in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Impact: a remote attacker can inject arbitrary web script or HTML. Remediation: upgrade to 5.3.6.1 or 5.4.1.3 (or newer), where the issues are fixed.