Packagist (Composer) package
anchorcms/anchor-cms
pkg:composer/anchorcms/anchor-cms
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29499 | — | | | <= 0.12.7 | — | Mar 22, 2024 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. |
| CVE-2024-29338 | — | | | <= 0.12.7 | — | Mar 22, 2024 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2. |
| CVE-2022-25576 | — | | | <= 0.12.7 | — | Mar 24, 2022 | Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. |
| CVE-2021-44116 | — | | | <= 0.12.7 | — | Dec 15, 2021 | Cross Site Scripting (XSS) vulnerability exists in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operati |
| CVE-2018-7251 | — | | | < 0.12.7 | 0.12.7 | Feb 19, 2018 | An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred. |