3 matches found
CVE-2007-2774
CVE-2007-2774 affects SunLight CMS 5.3 and involves multiple PHP remote file inclusion vulnerabilities. The root cause is unsafe handling of a URL parameter (root) passed to _connect.php and modules/startup.php, allowing an attacker to cause arbitrary PHP code execution on the server. Reported im...
CVE-2023-48202
CVE-2023-48202 affects Sunlight CMS 8.0.1. An authenticated low-privileged user can escalate privileges via a crafted SVG file in the File Manager component, exploiting an XSS flaw. The vulnerability is documented across multiple feeds (NVD, Red Hat, OSV, CNNVD, etc.). Remediation guidance observ...
CVE-2023-48201
Sunlight CMS 8.0.1 is affected by a Cross Site Scripting (XSS) vulnerability in the Content text editor component. A remote authenticated attacker can craft a script that, when processed by the editor, may lead to arbitrary code execution and privilege escalation. The available sources consistent...