Packagist (Composer) package
tribalsystems/zenario
pkg:composer/tribalsystems/zenario
Malware
1 malicious version on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- PKG-PKSA-jm4c-kd3j-5hgrZenario allows authenticated admin users to upload PDF files containing malicious codeOct 2, 2024
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18420 | — | >= 0 | — | Oct 19, 2018 | Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | ||
| CVE-2018-5960 | Hig | 8.8 | >= 7.1, <= 7.6 | — | Jan 22, 2018 | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. |
- CVE-2018-18420Oct 19, 2018affected >= 0
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
- affected >= 7.1, <= 7.6
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
Page 2 of 2