Mara CMS
by Mara
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36547 | Cri | 0.64 | 9.8 | 0.03 | Oct 28, 2021 | A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. | ||
| CVE-2020-25042 | Hig | 0.51 | 7.2 | 0.18 | Sep 3, 2020 | An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php. | ||
| CVE-2020-24223 | Med | 0.44 | 6.1 | 0.15 | Aug 30, 2020 | Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | ||
| CVE-2020-25422 | Med | 0.35 | 5.4 | 0.01 | Oct 28, 2021 | A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
- risk 0.64cvss 9.8epss 0.03
A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.
- risk 0.51cvss 7.2epss 0.18
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
- risk 0.44cvss 6.1epss 0.15
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.
- risk 0.35cvss 5.4epss 0.01
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.