Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fork cms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-23264
Cross-site request forgery (CSRF) in Fork-CMS prior to 5.8.2 allow remote malicious users to hijack the authentication of logged administrators.
Fork-cms Fork Cms
6.5
CVSSv2
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Fork-cms Fork Cms
6.8
CVSSv2
CVE-2020-23960
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork prior to 5.8.3 allows remote malicious users to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing ...
Fork-cms Fork Cms
4.3
CVSSv2
CVE-2020-13633
Fork prior to 5.8.3 allows XSS via navigation_title or title.
Fork-cms Fork Cms
4.3
CVSSv2
CVE-2014-9470
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS prior to 3.8.4 allows remote malicious users to inject arbitrary web script or HTML via the q_widget parameter to en/search.
Fork-cms Fork Cms
1.9
CVSSv2
CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a g...
Openssl Openssl
5
CVSSv2
CVE-2019-1549
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in ...
Openssl Openssl
4.3
CVSSv2
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th...
Openssl Openssl
1 Github repository
7.5
CVSSv2
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS prior to 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
Spoon-library Spoon Library
Fork-cms Fork Cms
3.5
CVSSv2
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
Fork-cms Fork Cms 5.0.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »