VYPR
Vendor

Chevereto

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2020-37186CriFeb 11, 2026
    risk 0.64cvss 9.8epss 0.01

    Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system…

  • CVE-2017-1000058MedJul 17, 2017
    risk 0.40cvss 6.1epss 0.01

    Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser.

  • CVE-2012-2919May 21, 2012
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.

  • CVE-2012-2918May 21, 2012
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.

  • CVE-2021-31721Jun 30, 2021
    risk 0.00cvss epss 0.01

    Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.

  • CVE-2018-12030MedJun 15, 2018
    risk 0.00cvss 5.4epss 0.01

    Chevereto Free before 1.0.13 has XSS.