Vendor CVEs
Ilch
All CVEs
24 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26159 | | | 0.07 | — | 0.13 | | Feb 28, 2022 | The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion//en.xml (and similar pathnames for other languages), which contain all characters typed by all users,… |
| CVE-2022-27412 | | | 0.03 | — | 0.04 | | May 9, 2022 | Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. |
| CVE-2024-28417 | | | 0.00 | — | 0.00 | | Mar 14, 2024 | Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. |
| CVE-2024-24520 | | | 0.00 | — | 0.00 | | Feb 29, 2024 | An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. |
| CVE-2023-5811 | | | 0.00 | — | 0.01 | | Oct 27, 2023 | A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The… |
| CVE-2023-5013 | | | 0.00 | — | 0.01 | | Sep 16, 2023 | A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input leads… |
| CVE-2023-1683 | | | 0.00 | — | 0.01 | | Mar 29, 2023 | A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has… |
| CVE-2023-1682 | | | 0.00 | — | 0.01 | | Mar 28, 2023 | A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has… |
| CVE-2022-30982 | | | 0.00 | — | 0.00 | | Jul 17, 2022 | An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username. |
| CVE-2022-30981 | | | 0.00 | — | 0.01 | | Jul 17, 2022 | An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution. |
| CVE-2022-32994 | | | 0.00 | — | 0.17 | | Jun 27, 2022 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. |
| CVE-2022-29704 | | | 0.00 | — | 0.01 | | Jun 2, 2022 | BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. |
| CVE-2022-29287 | | | 0.00 | — | 0.01 | | Apr 15, 2022 | Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current… |
| CVE-2022-25413 | | | 0.00 | — | 0.00 | | Feb 28, 2022 | Maxsite CMS v108 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_tags at /admin/page_edit/3. |
| CVE-2022-25412 | | | 0.00 | — | 0.01 | | Feb 28, 2022 | Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. |
| CVE-2022-25410 | | | 0.00 | — | 0.00 | | Feb 28, 2022 | Maxsite CMS v180 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the parameter f_file_description at /admin/files. |
| CVE-2022-25099 | | | 0.00 | — | 0.01 | | Feb 23, 2022 | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-23873 | | | 0.00 | — | 0.01 | | Feb 3, 2022 | Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. |
| CVE-2022-23871 | | | 0.00 | — | 0.01 | | Feb 3, 2022 | Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name, category, description parameters. |
| CVE-2021-27352 | | | 0.00 | — | 0.01 | | Mar 29, 2021 | An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login. |
| CVE-2019-17046 | | | 0.00 | — | 0.04 | | Sep 30, 2019 | Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. |
| CVE-2019-17045 | | | 0.00 | — | 0.01 | | Sep 30, 2019 | Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. |
| CVE-2015-2083 | | | 0.00 | — | 0.01 | | Feb 25, 2015 | Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php. |
| CVE-2014-1944 | | | 0.00 | — | 0.03 | | Mar 9, 2014 | Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry. |