Vendor CVEs
Adaptcms
All CVEs
21 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6650 | Med | 0.31 | 4.7 | 0.00 | Apr 20, 2026 | A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is… | ||
| CVE-2015-1060 | 0.03 | — | 0.04 | Jan 16, 2015 | Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | |||
| CVE-2015-1059 | 0.03 | — | 0.05 | Jan 16, 2015 | Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads. | |||
| CVE-2015-1058 | 0.03 | — | 0.04 | Jan 16, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name… | |||
| CVE-2011-5108 | 0.03 | — | 0.02 | Aug 23, 2012 | Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2010-4877 | 0.03 | — | 0.01 | Oct 7, 2011 | Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | |||
| CVE-2010-2618 | 0.03 | — | 0.02 | Jul 2, 2010 | PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected. | |||
| CVE-2010-0952 | 0.03 | — | 0.01 | Mar 10, 2010 | SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. | |||
| CVE-2008-7209 | 0.03 | — | 0.06 | Sep 11, 2009 | Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it… | |||
| CVE-2008-7208 | 0.03 | — | 0.02 | Sep 11, 2009 | Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php. | |||
| CVE-2009-1946 | 0.03 | — | 0.02 | Jun 5, 2009 | PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter. | |||
| CVE-2009-1259 | 0.03 | — | 0.01 | Apr 7, 2009 | SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php. | |||
| CVE-2008-6652 | 0.03 | — | 0.01 | Apr 7, 2009 | SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter. | |||
| CVE-2009-0527 | 0.03 | — | 0.04 | Feb 11, 2009 | PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | |||
| CVE-2009-0526 | 0.03 | — | 0.01 | Feb 11, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI. | |||
| CVE-2008-4524 | 0.03 | — | 0.01 | Oct 9, 2008 | SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. | |||
| CVE-2008-2482 | 0.03 | — | 0.03 | May 28, 2008 | Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action. | |||
| CVE-2007-5016 | 0.03 | — | 0.01 | Sep 20, 2007 | SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows remote attackers to execute arbitrary SQL commands via the abc parameter. | |||
| CVE-2006-0372 | 0.03 | — | 0.01 | Jan 22, 2006 | Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. | |||
| CVE-2006-0318 | 0.03 | — | 0.01 | Jan 19, 2006 | SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | |||
| CVE-2011-3698 | 0.00 | — | 0.01 | Sep 23, 2011 | AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files. |
- risk 0.31cvss 4.7epss 0.00
A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is…
- CVE-2015-1060Jan 16, 2015risk 0.03cvss —epss 0.04
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
- CVE-2015-1059Jan 16, 2015risk 0.03cvss —epss 0.05
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.
- CVE-2015-1058Jan 16, 2015risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name…
- CVE-2011-5108Aug 23, 2012risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-4877Oct 7, 2011risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
- CVE-2010-2618Jul 2, 2010risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
- CVE-2010-0952Mar 10, 2010risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.
- CVE-2008-7209Sep 11, 2009risk 0.03cvss —epss 0.06
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it…
- CVE-2008-7208Sep 11, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
- CVE-2009-1946Jun 5, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter.
- CVE-2009-1259Apr 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.
- CVE-2008-6652Apr 7, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
- CVE-2009-0527Feb 11, 2009risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
- CVE-2009-0526Feb 11, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI.
- CVE-2008-4524Oct 9, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.
- CVE-2008-2482May 28, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action.
- CVE-2007-5016Sep 20, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows remote attackers to execute arbitrary SQL commands via the abc parameter.
- CVE-2006-0372Jan 22, 2006risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.
- CVE-2006-0318Jan 19, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
- CVE-2011-3698Sep 23, 2011risk 0.00cvss —epss 0.01
AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files.