VYPR
Vendor: Ilch

Products: 2
CVEs: 24
Across products: 25
Status: Private

Recent CVEs (24)

  • CVE-2022-26159 Feb 28, 2022
    risk 0.07 cvss epss 0.13

    The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion//en.xml (and similar pathnames for other languages), which contain all characters typed by all users,…

  • CVE-2022-27412 May 9, 2022
    risk 0.03 cvss epss 0.04

    Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.

  • CVE-2024-28417 Mar 14, 2024
    risk 0.00 cvss epss 0.00

    Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.

  • CVE-2024-24520 Feb 29, 2024
    risk 0.00 cvss epss 0.00

    An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.

  • CVE-2023-5811 Oct 27, 2023
    risk 0.00 cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2023-5013 Sep 16, 2023
    risk 0.00 cvss epss 0.01

    A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input leads…

  • CVE-2023-1683 Mar 29, 2023
    risk 0.00 cvss epss 0.01

    A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has…

  • CVE-2023-1682 Mar 28, 2023
    risk 0.00 cvss epss 0.01

    A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has…

  • CVE-2022-30982 Jul 17, 2022
    risk 0.00 cvss epss 0.00

    An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username.

  • CVE-2022-30981 Jul 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.

  • CVE-2022-32994 Jun 27, 2022
    risk 0.00 cvss epss 0.17

    Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.

  • CVE-2022-29704 Jun 2, 2022
    risk 0.00 cvss epss 0.01

    BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.

  • CVE-2022-29287 Apr 15, 2022
    risk 0.00 cvss epss 0.01

    Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current…

  • CVE-2022-25413 Feb 28, 2022
    risk 0.00 cvss epss 0.00

    Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3.

  • CVE-2022-25412 Feb 28, 2022
    risk 0.00 cvss epss 0.01

    Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters.

  • CVE-2022-25410 Feb 28, 2022
    risk 0.00 cvss epss 0.00

    Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files.

  • CVE-2022-25099 Feb 23, 2022
    risk 0.00 cvss epss 0.01

    A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-23873 Feb 3, 2022
    risk 0.00 cvss epss 0.01

    Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.

  • CVE-2022-23871 Feb 3, 2022
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name, category, description parameters.

  • CVE-2021-27352 Mar 29, 2021
    risk 0.00 cvss epss 0.01

    An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.