Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plume-cms plume cms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2012-1414
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create News pages via a publish action.
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.2.2
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
Plume-cms Plume Cms 1.2.3
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms 1.0.2
Plume-cms Plume Cms 1.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2012-2156
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors...
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
Plume-cms Plume Cms 1.0.4
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.2.3
Plume-cms Plume Cms 1.2.2
Plume-cms Plume Cms 1.0.2
1 EDB exploit
2.6
CVSSv2
CVE-2011-3985
Cross-site scripting (XSS) vulnerability in Plume prior to 1.2.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms
Plume-cms Plume Cms 1.0.4
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.0.2
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.0.5
7.5
CVSSv2
CVE-2006-4533
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and previous versions allow remote malicious users to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (...
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
6.5
CVSSv2
CVE-2009-3418
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_...
Plume-cms Plume Cms 1.2.3
1 EDB exploit
7.5
CVSSv2
CVE-2006-3562
PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote malicious users to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645...
Plume-cms Plume Cms 1.0.4
3 EDB exploits
7.5
CVSSv2
CVE-2006-7021
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote malicious users to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.
Plume-cms Plume Cms 1.1.3
1 EDB exploit
4.3
CVSSv2
CVE-2008-1048
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via the dir parameter.
Plume-cms Plume Cms 1.2.2
7.5
CVSSv2
CVE-2006-2645
PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote malicious users to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725.
Plume-cms Plume Cms 1.0.3
1 EDB exploit
6.8
CVSSv2
CVE-2006-0725
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote malicious users to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version tha...
Plume-cms Plume Cms 1.0.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »