VYPR

Adaptcms

by Adaptcms

CVEs (9)

  • CVE-2015-1060 | Jan 16, 2015
    risk 0.03 | cvss | epss 0.04

    Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.

  • CVE-2015-1059 | Jan 16, 2015
    risk 0.03 | cvss | epss 0.05

    Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.

  • CVE-2015-1058 | Jan 16, 2015
    risk 0.03 | cvss | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name…

  • CVE-2011-5108 | Aug 23, 2012
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-2618 | Jul 2, 2010
    risk 0.03 | cvss | epss 0.02

    PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.

  • CVE-2009-0527 | Feb 11, 2009
    risk 0.03 | cvss | epss 0.04

    PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

  • CVE-2009-0526 | Feb 11, 2009
    risk 0.03 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI.

  • CVE-2008-4524 | Oct 9, 2008
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

  • CVE-2011-3698 | Sep 23, 2011
    risk 0.00 | cvss | epss 0.01

    AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files.