VYPR
Vendor: Cfmsource

Products: 8
CVEs: 10
Across products: 10
Status: Private

Recent CVEs (10)
  • CVE-2008-6324 (Feb 27, 2009)
    risk 0.03 cvss epss 0.01

    SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.

  • CVE-2008-6323 (Feb 27, 2009)
    risk 0.03 cvss epss 0.01

    SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.

  • CVE-2008-6322 (Feb 27, 2009)
    risk 0.03 cvss epss 0.01

    SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.

  • CVE-2008-6319 (Feb 27, 2009)
    risk 0.03 cvss epss 0.01

    SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.

  • CVE-2016-20023 (Dec 5, 2025)
    risk 0.00 cvss epss 0.00

    In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.

  • CVE-2025-63830 (Nov 14, 2025)
    risk 0.00 cvss epss 0.00

    CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.

  • CVE-2011-4972 (Nov 13, 2019)
    risk 0.00 cvss epss 0.02

    hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.

  • CVE-2019-15891 (Sep 26, 2019)
    risk 0.00 cvss epss 0.01

    An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.

  • CVE-2019-15862 (Sep 26, 2019)
    risk 0.00 cvss epss 0.02

    An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allow remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP,…

  • CVE-2014-4037 (Jun 11, 2014)
    risk 0.00 cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a…