Nova CMS
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25431 | Hig | 0.46 | 7.1 | 0.00 | Jun 1, 2026 | No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious… | ||
| CVE-2024-4658 | Med | 0.45 | — | 0.00 | Oct 10, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0. | ||
| CVE-2012-1200 | 0.03 | — | 0.03 | Feb 18, 2012 | Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to… | |||
| CVE-2018-19901 | 0.00 | — | 0.01 | Dec 31, 2018 | No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. | |||
| CVE-2018-19902 | 0.00 | — | 0.01 | Dec 31, 2018 | No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. | |||
| CVE-2018-18868 | 0.00 | — | 0.01 | Oct 31, 2018 | No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. |
- risk 0.46cvss 7.1epss 0.00
No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage_privilege/index/export with malicious…
- risk 0.45cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0.
- CVE-2012-1200Feb 18, 2012risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to…
- CVE-2018-19901Dec 31, 2018risk 0.00cvss —epss 0.01
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
- CVE-2018-19902Dec 31, 2018risk 0.00cvss —epss 0.01
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter.
- CVE-2018-18868Oct 31, 2018risk 0.00cvss —epss 0.01
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter.