VYPR

Dobrycms

by Studio Fabryka

CVEs (4)

  • CVE-2025-12462 | Cri | Mar 2, 2026
    risk 0.60 | cvss | epss 0.00

    A blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into multiple parameters in the URL path, resulting in blind SQL injection. This issue was fixed in versions above 8.0.

  • CVE-2025-8536 | Cri | Oct 24, 2025
    risk 0.60 | cvss | epss 0.00

    A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of user-provided input passed to the language functionality allows SQL injection attacks. This issue affects older branches of this software.

  • CVE-2025-4379 | Med | May 23, 2025
    risk 0.33 | cvss | epss 0.00

    DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the szukaj parameter allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened. A hotfix for affected versions was…

  • CVE-2025-14532 | Mar 2, 2026
    risk 0.00 | cvss | epss 0.01

    The file upload functionality in DobryCMS allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.