Intelliants Subrion CMS vulnerabilities and exploits
8.8
CVSSv3
CVE-2017-6002
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
Intelliants Subrion Cms 4.0.5.10
NA
CVE-2011-5212
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote malicious users to execute arbitrary SQL commands via the (1) user name or (2) password field.
Intelliants Subrion Cms 2.0.4
1 EDB exploit
5.4
CVSSv3
CVE-2020-22392
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
Intelliants Subrion Cms 4.2.2
NA
CVE-2014-9120
Cross-site scripting (XSS) vulnerability in Subrion CMS prior to 3.2.3 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.
Intelliants Subrion
6.1
CVSSv3
CVE-2018-14840
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
Intelliants Subrion 4.2.1
1 EDB exploit
6.1
CVSSv3
CVE-2018-11317
Subrion CMS prior to 4.1.4 has XSS.
Intelliants Subrion
5.4
CVSSv3
CVE-2021-41948
A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".
Intelliants Subrion
8.8
CVSSv3
CVE-2018-21037
Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI.
Intelliants Subrion
6.1
CVSSv3
CVE-2020-23761
Cross Site Scripting (XSS) vulnerability in Subrion CMS version <= 4.2.1 allows remote malicious users to execute arbitrary web script via the "payment gateway" column on the transactions tab.
Intelliants Subrion
6.5
CVSSv3
CVE-2020-12469
admin/blocks.php in Subrion CMS up to and including 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
Intelliants Subrion