Vendor
Chevereto
Products
2
CVEs
4
Across products
4
Status
Private
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-37186 | Cri | 0.64 | 9.8 | 0.00 | Feb 11, 2026 | Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a crafted POST request. | |
| CVE-2017-1000058 | Med | 0.40 | 6.1 | 0.00 | Jul 17, 2017 | Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. | |
| CVE-2012-2919 | 0.03 | — | 0.05 | May 21, 2012 | Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. | ||
| CVE-2012-2918 | 0.03 | — | 0.03 | May 21, 2012 | Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. |