Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fork-cms fork cms vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2020-23264
Cross-site request forgery (CSRF) in Fork-CMS prior to 5.8.2 allow remote malicious users to hijack the authentication of logged administrators.
Fork-cms Fork Cms
578
VMScore
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Fork-cms Fork Cms
605
VMScore
CVE-2020-23960
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork prior to 5.8.3 allows remote malicious users to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing ...
Fork-cms Fork Cms
383
VMScore
CVE-2020-13633
Fork prior to 5.8.3 allows XSS via navigation_title or title.
Fork-cms Fork Cms
383
VMScore
CVE-2014-9470
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS prior to 3.8.4 allows remote malicious users to inject arbitrary web script or HTML via the q_widget parameter to en/search.
Fork-cms Fork Cms
668
VMScore
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS prior to 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
Spoon-library Spoon Library
Fork-cms Fork Cms
312
VMScore
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
Fork-cms Fork Cms 5.0.6
383
VMScore
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
Fork-cms Fork Cms 5.4.0
312
VMScore
CVE-2018-5215
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
Fork-cms Fork Cms 5.0.7
755
VMScore
CVE-2015-1467
Multiple SQL injection vulnerabilities in Translations in Fork CMS prior to 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
Fork-cms Fork Cms
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »