VYPR

CMS

by Plume CMS

CVEs (11)

  • CVE-2012-1414 | Oct 7, 2012
    risk 0.03 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.

  • CVE-2012-2156 | Apr 11, 2012
    risk 0.03 | cvss | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to…

  • CVE-2009-3418 | Sep 25, 2009
    risk 0.03 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an…

  • CVE-2006-7021 | Feb 15, 2007
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.

  • CVE-2006-3562 | Jul 13, 2006
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerabilities in Plume CMS 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and…

  • CVE-2006-2645 | May 30, 2006
    risk 0.03 | cvss | epss 0.06

    PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725.

  • CVE-2006-0725 | Feb 16, 2006
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than…

  • CVE-2011-3985 | Nov 9, 2011
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-2294 | Jun 15, 2010
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

  • CVE-2008-1048 | Feb 27, 2008
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

  • CVE-2006-4533 | Sep 1, 2006
    risk 0.00 | cvss | epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6)…