Chevereto
by Chevereto
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-37186 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 11, 2026 | Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system… |
| CVE-2017-1000058 | | Med | 0.40 | 6.1 | 0.01 | | Jul 17, 2017 | Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. |
| CVE-2012-2919 | | | 0.03 | — | 0.03 | | May 21, 2012 | Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. |
| CVE-2012-2918 | | | 0.03 | — | 0.02 | | May 21, 2012 | Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. |
| CVE-2021-31721 | | | 0.00 | — | 0.01 | | Jun 30, 2021 | Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. |
| CVE-2018-12030 | | Med | 0.00 | 5.4 | 0.01 | | Jun 15, 2018 | Chevereto Free before 1.0.13 has XSS. |