Packagist (Composer) package
elefant/cms
pkg:composer/elefant/cms
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-20064 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1 |
| CVE-2017-20063 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack |
| CVE-2017-20062 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2017-20061 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripti |
| CVE-2017-20060 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading |
| CVE-2017-20059 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input leads to basic cross site scri |
| CVE-2017-20058 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Up |
| CVE-2017-20057 | — | | | < 1.3.13 | 1.3.13 | Jun 20, 2022 | A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.1 |
| CVE-2018-16975 | — | | | < 2.0.7 | 2.0.7 | Sep 12, 2018 | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer |
| CVE-2018-16974 | — | | | < 2.0.7 | 2.0.7 | Sep 12, 2018 | An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for |
| CVE-2018-16387 | — | | | < 2.0.5 | 2.0.5 | Sep 3, 2018 | An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. |
| CVE-2018-15601 | — | | | < 2.0.4 | 2.0.4 | Aug 21, 2018 | apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. |
| CVE-2012-1296 | — | | | >= 1.0, < 1.0.2-Beta | 1.0.2-Beta | Aug 26, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview. |