Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kasseler-cms kasseler-cms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-4356
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote malicious users to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting mo...
Kasseler-cms Kasseler Cms 1.1.0
Kasseler-cms Kasseler Cms 1.2.0
1 EDB exploit
4.3
CVSSv2
CVE-2008-3088
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote malicious users to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
Kasseler-cms Kasseler Cms 1.3.0
Kasseler-cms Kasseler Cms 1.3.1
1 EDB exploit
7.5
CVSSv2
CVE-2013-3727
SQL injection vulnerability in Kasseler CMS prior to 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Kasseler-cms Kasseler-cms
1 EDB exploit
6.8
CVSSv2
CVE-2013-3729
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS prior to 2 r1232 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail ...
Kasseler-cms Kasseler-cms
1 EDB exploit
4.3
CVSSv2
CVE-2009-2228
Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote malicious users to inject arbitrary web script or HTML via the url parameter in a redirect action.
Kasseler-cms Kasseler Cms
1 EDB exploit
3.5
CVSSv2
CVE-2013-3728
Cross-site scripting (XSS) vulnerability in Kasseler CMS prior to 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.
Kasseler-cms Kasseler-cms
1 EDB exploit
4.3
CVSSv2
CVE-2009-4822
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
Kasseler-cms Kasseler Cms 1.3.4
2 EDB exploits
5
CVSSv2
CVE-2008-3087
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
Kasseler-cms Kasseler Cms 1.3.0
1 EDB exploit
5
CVSSv2
CVE-2009-2229
Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from...
Kasseler-cms Kasseler Cms 1.3.5
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started