Cfmsource
Products (8)
- 4 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6324 |  |  | 0.03 | — | 0.01 |  | Feb 27, 2009 | SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. |
| CVE-2008-6323 |  |  | 0.03 | — | 0.01 |  | Feb 27, 2009 | SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. |
| CVE-2008-6322 |  |  | 0.03 | — | 0.01 |  | Feb 27, 2009 | SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. |
| CVE-2008-6319 |  |  | 0.03 | — | 0.01 |  | Feb 27, 2009 | SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter. |
| CVE-2016-20023 |  |  | 0.00 | — | 0.00 |  | Dec 5, 2025 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. |
| CVE-2025-63830 |  |  | 0.00 | — | 0.00 |  | Nov 14, 2025 | CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content. |
| CVE-2011-4972 |  |  | 0.00 | — | 0.02 |  | Nov 13, 2019 | hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. |
| CVE-2019-15891 |  |  | 0.00 | — | 0.01 |  | Sep 26, 2019 | An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection. |
| CVE-2019-15862 |  |  | 0.00 | — | 0.02 |  | Sep 26, 2019 | An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP,… |
| CVE-2014-4037 |  |  | 0.00 | — | 0.03 |  | Jun 11, 2014 | Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a… |