VYPR
Vendor

Mara

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2021-36547CriOct 28, 2021
    risk 0.64cvss 9.8epss 0.03

    A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.

  • CVE-2020-25042HigSep 3, 2020
    risk 0.51cvss 7.2epss 0.18

    An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.

  • CVE-2020-24223MedAug 30, 2020
    risk 0.44cvss 6.1epss 0.15

    Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.

  • CVE-2020-25422MedOct 28, 2021
    risk 0.35cvss 5.4epss 0.01

    A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.