VYPR
Vendor: Maccms

Products: 1
CVEs: 26
Across products: 26
Status: Private

Recent CVEs (26)

  • CVE-2017-17733 | Critical | Dec 18, 2017
    risk 0.67 | cvss 9.8 | epss 0.44

    Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.

  • CVE-2018-12114 | High | Jun 14, 2018
    risk 0.60 | cvss 8.8 | epss 0.03

    Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.

  • CVE-2026-4562 | High | Mar 23, 2026
    risk 0.47 | cvss 7.3 | epss 0.01

    A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The…

  • CVE-2026-7578 | Medium | May 1, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be…

  • CVE-2025-10397 | Medium | Sep 14, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and…

  • CVE-2025-10122 | Medium | Sep 9, 2025
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made…

  • CVE-2026-4563 | Medium | Mar 23, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail Interface. This manipulation of the argument order_id causes authorization…

  • CVE-2025-10395 | Sep 14, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the…

  • CVE-2025-45474 | May 29, 2025
    risk 0.00 | cvss | epss 0.00

    maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.

  • CVE-2025-45475 | May 27, 2025
    risk 0.00 | cvss | epss 0.00

    maccms10 v2025.1000.4047 is vulnerable to Server-Side request forgery (SSRF) in Friend Link Management.

  • CVE-2025-28090 | Mar 28, 2025
    risk 0.00 | cvss | epss 0.00

    maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.

  • CVE-2025-28089 | Mar 28, 2025
    risk 0.00 | cvss | epss 0.00

    maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.

  • CVE-2024-46654 | Sep 20, 2024
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2024-32391 | Apr 19, 2024
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.

  • CVE-2022-47872 | Feb 1, 2023
    risk 0.00 | cvss | epss 0.01

    A Server-Side Request Forgery (SSRF) in maccms10 v2021.1000.2000 allows attackers to force the application to make arbitrary requests via a crafted payload injected into the Name parameter under the Interface address module.

  • CVE-2022-31303 | Jun 21, 2022
    risk 0.00 | cvss | epss 0.00

    maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.

  • CVE-2022-31302 | Jun 21, 2022
    risk 0.00 | cvss | epss 0.00

    maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.

  • CVE-2021-43707 | Mar 31, 2022
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.

  • CVE-2022-27886 | Mar 25, 2022
    risk 0.00 | cvss | epss 0.01

    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.

  • CVE-2022-27887 | Mar 25, 2022
    risk 0.00 | cvss | epss 0.01

    Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.