VYPR

CMS

by Siteserver

Source repositories

CVEs (63)

  • CVE-2009-3514Oct 1, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a…

  • CVE-2009-2402Jul 9, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.

  • CVE-2009-2401Jul 9, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.

  • CVE-2007-3214Jun 14, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.

  • CVE-2007-2685May 21, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.

  • CVE-2006-4559Sep 6, 2006
    risk 0.03cvss epss 0.05

    Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3)…

  • CVE-2005-4317Dec 17, 2005
    risk 0.03cvss epss 0.05

    Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2)…

  • CVE-2025-25967Mar 3, 2025
    risk 0.00cvss epss 0.01

    Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of…

  • CVE-2024-53477Dec 2, 2024
    risk 0.00cvss epss 0.01

    JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java

  • CVE-2024-48291Oct 28, 2024
    risk 0.00cvss epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17

  • CVE-2024-48191Oct 28, 2024
    risk 0.00cvss epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17

  • CVE-2024-48758Oct 16, 2024
    risk 0.00cvss epss 0.00

    dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code

  • CVE-2024-46485Sep 25, 2024
    risk 0.00cvss epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate

  • CVE-2024-46600Sep 25, 2024
    risk 0.00cvss epss 0.00

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31

  • CVE-2024-8652Sep 19, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] .…

  • CVE-2024-8302Aug 29, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. The…

  • CVE-2024-42611Aug 20, 2024
    risk 0.00cvss epss 0.00

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete

  • CVE-2024-42612Aug 20, 2024
    risk 0.00cvss epss 0.00

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add

  • CVE-2024-42607Aug 20, 2024
    risk 0.00cvss epss 0.00

    Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database

  • CVE-2024-32418Apr 22, 2024
    risk 0.00cvss epss 0.01

    An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.