VYPR

Elefantcms

by Elefantcms

Source repositories

CVEs (5)

  • CVE-2024-50591HigNov 8, 2024
    risk 0.51cvss 7.8epss 0.02

    An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the…

  • CVE-2024-50590HigNov 8, 2024
    risk 0.51cvss 7.8epss 0.00

    Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is …

  • CVE-2024-50592HigNov 8, 2024
    risk 0.46cvss 7.0epss 0.00

    An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service…

  • CVE-2012-6521Jan 24, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions.

  • CVE-2012-1296Aug 26, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview.