VYPR

Couchcms

by Couchcms

CVEs (7)

  • CVE-2026-29002 | Hig | Apr 10, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request…

  • CVE-2018-7662 | Med | Mar 4, 2018
    risk 0.38 | cvss 5.3 | epss 0.44

    Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.

  • CVE-2021-47955 | Med | May 16, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the…

  • CVE-2021-47958 | Med | May 15, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    CouchCMS 2.2.1 contains a server-side request forgery vulnerability that allows authenticated attackers to make arbitrary HTTP requests by uploading malicious SVG files. Attackers can upload SVG files containing external entity references through the browse.php endpoint to…

  • CVE-2025-15005 | Low | Dec 22, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded…

  • CVE-2025-67004 | Jan 9, 2026
    risk 0.00 | cvss | epss 0.06

    ** Disputed ** An information disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files by repeatedly traversing back through directories. It can disclose the source code or any other confidential information if weaponized accordingly. NOTE: A community…

  • CVE-2023-41609 | Sep 11, 2023
    risk 0.00 | cvss | epss 0.00

    An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.