Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plume cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-2156
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors...
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
Plume-cms Plume Cms 1.0.4
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.2.3
Plume-cms Plume Cms 1.2.2
Plume-cms Plume Cms 1.0.2
1 EDB exploit
6.8
CVSSv2
CVE-2012-1414
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create News pages via a publish action.
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.2.2
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
Plume-cms Plume Cms 1.2.3
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms 1.0.2
Plume-cms Plume Cms 1.0.4
1 EDB exploit
2.6
CVSSv2
CVE-2011-3985
Cross-site scripting (XSS) vulnerability in Plume prior to 1.2.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms
Plume-cms Plume Cms 1.0.4
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.0.2
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.0.5
7.5
CVSSv2
CVE-2006-4533
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and previous versions allow remote malicious users to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (...
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
4.3
CVSSv2
CVE-2008-1048
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via the dir parameter.
Plume-cms Plume Cms 1.2.2
7.5
CVSSv2
CVE-2006-7021
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote malicious users to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.
Plume-cms Plume Cms 1.1.3
1 EDB exploit
6.5
CVSSv2
CVE-2009-3418
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_...
Plume-cms Plume Cms 1.2.3
1 EDB exploit
6.8
CVSSv2
CVE-2006-0725
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote malicious users to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version tha...
Plume-cms Plume Cms 1.0.2
1 EDB exploit
7.5
CVSSv2
CVE-2006-3562
PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote malicious users to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645...
Plume-cms Plume Cms 1.0.4
3 EDB exploits
7.5
CVSSv2
CVE-2006-2645
PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote malicious users to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725.
Plume-cms Plume Cms 1.0.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »