VYPR

CMS

by Siteserver

CVEs (63)

  • CVE-2007-1966 | Critical | Apr 11, 2007
    risk 0.59 | cvss 9.1 | epss 0.01

    Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

  • CVE-2024-7729 | High | Aug 14, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files.

  • CVE-2026-7435 | High | Apr 30, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic…

  • CVE-2024-7728 | High | Aug 14, 2024
    risk 0.47 | cvss 7.2 | epss 0.01

    The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.

  • CVE-2024-9294 | Medium | Sep 27, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection.…

  • CVE-2024-8303 | Medium | Aug 29, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. It is possible to initiate…

  • CVE-2024-29023 | High | Apr 12, 2024
    risk 0.40 | cvss 7.2 | epss 0.01

    Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session.…

  • CVE-2015-8376 | Medium | Jan 8, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1.

  • CVE-2024-12907 | Medium | Jan 2, 2025
    risk 0.34 | cvss | epss 0.00

    Kentico CMS in version 7 is vulnerable to Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not…

  • CVE-2026-7429 | Medium | Apr 30, 2026
    risk 0.30 | cvss 4.6 | epss 0.00

    SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can…

  • CVE-2020-24223 | Aug 30, 2020
    risk 0.04 | cvss | epss 0.15

    Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.

  • CVE-2006-4963 | Sep 23, 2006
    risk 0.04 | cvss | epss 0.07

    Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code…

  • CVE-2013-4952 | Jul 29, 2013
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2012-5293 | Oct 4, 2012
    risk 0.03 | cvss | epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to…

  • CVE-2010-2674 | Jul 8, 2010
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.

  • CVE-2010-2358 | Jun 21, 2010
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of…

  • CVE-2009-4876 | May 26, 2010
    risk 0.03 | cvss | epss 0.02

    admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter.

  • CVE-2010-2047 | May 25, 2010
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information.

  • CVE-2009-4723 | Mar 18, 2010
    risk 0.03 | cvss | epss 0.02

    Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

  • CVE-2009-4156 | Dec 2, 2009
    risk 0.03 | cvss | epss 0.02

    PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
