VYPR

Packagist (Composer) package

tribalsystems/zenario

pkg:composer/tribalsystems/zenario

Malware

1 malicious version on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

  • PKG-PKSA-jm4c-kd3j-5hgrZenario allows authenticated admin users to upload PDF files containing malicious code
    Oct 2, 2024

Vulnerabilities (22)

  • CVE-2018-18420Oct 19, 2018
    affected >= 0

    Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.

  • CVE-2018-5960HigJan 22, 2018
    affected >= 7.1, <= 7.6

    Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.

Page 2 of 2