CMS
by Siteserver
CVEs (63)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3514 | | | 0.03 | — | 0.01 | | Oct 1, 2009 | Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a… |
| CVE-2009-2402 | | | 0.03 | — | 0.01 | | Jul 9, 2009 | SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. |
| CVE-2009-2401 | | | 0.03 | — | 0.01 | | Jul 9, 2009 | Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post. |
| CVE-2007-3214 | | | 0.03 | — | 0.01 | | Jun 14, 2007 | SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. |
| CVE-2007-2685 | | | 0.03 | — | 0.01 | | May 21, 2007 | Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. |
| CVE-2006-4559 | | | 0.03 | — | 0.05 | | Sep 6, 2006 | Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3)… |
| CVE-2005-4317 | | | 0.03 | — | 0.05 | | Dec 17, 2005 | Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2)… |
| CVE-2025-25967 | | | 0.00 | — | 0.01 | | Mar 3, 2025 | Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of… |
| CVE-2024-53477 | | | 0.00 | — | 0.01 | | Dec 2, 2024 | JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java |
| CVE-2024-48291 | | | 0.00 | — | 0.00 | | Oct 28, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17 |
| CVE-2024-48191 | | | 0.00 | — | 0.00 | | Oct 28, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17 |
| CVE-2024-48758 | | | 0.00 | — | 0.00 | | Oct 16, 2024 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code |
| CVE-2024-46485 | | | 0.00 | — | 0.00 | | Sep 25, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate |
| CVE-2024-46600 | | | 0.00 | — | 0.00 | | Sep 25, 2024 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31 |
| CVE-2024-8652 | | | 0.00 | — | 0.00 | | Sep 19, 2024 | A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ .… |
| CVE-2024-8302 | | | 0.00 | — | 0.01 | | Aug 29, 2024 | A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The… |
| CVE-2024-42611 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete |
| CVE-2024-42612 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add |
| CVE-2024-42607 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database |
| CVE-2024-32418 | | | 0.00 | — | 0.01 | | Apr 22, 2024 | An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. |