Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2008-3088
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote malicious users to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
Kasseler-cms Kasseler Cms 1.3.0
Kasseler-cms Kasseler Cms 1.3.1
1 EDB exploit
645
VMScore
CVE-2006-2142
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the classes_dir parameter.
Limbo Cms Limbo Cms 1.0.4
Limbo Cms Limbo Cms 1.0.4.2
1 EDB exploit
755
VMScore
CVE-2007-4808
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir act...
Tlm Cms Tlm Cms 3.2
Tlm Cms Tlm Cms 1.1
1 EDB exploit
755
VMScore
CVE-2008-1913
SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the new parameter in a new action.
Lasernet Cms Lasernet Cms 1.5
Lasernet Cms Lasernet Cms 1.11
1 EDB exploit
755
VMScore
CVE-2008-4356
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote malicious users to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting mo...
Kasseler-cms Kasseler Cms 1.1.0
Kasseler-cms Kasseler Cms 1.2.0
1 EDB exploit
755
VMScore
CVE-2006-3478
PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the domain parameter.
Myphp Cms Myphp Cms 0.3
Myphp Cms Myphp Cms 0.3.1
1 EDB exploit
760
VMScore
CVE-2006-1662
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote malicious users to execute arbitrary PHP commands via the Itemid parameter in index.php.
Limbo Cms Limbo Cms 1.0.4.1
Limbo Cms Limbo Cms 1.0.4.2
2 EDB exploits
755
VMScore
CVE-2009-4231
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and previous versions allows remote malicious users to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
Basic-cms Sweetrice
Basic-cms Sweetrice 0.5.2
Basic-cms Sweetrice 0.4.4
Basic-cms Sweetrice 0.4.2
Basic-cms Sweetrice 0.4.1
Basic-cms Sweetrice 0.3.0
Basic-cms Sweetrice 0.2.0
Basic-cms Sweetrice 0.4.0
Basic-cms Sweetrice 0.2.1
1 EDB exploit
668
VMScore
CVE-2010-2797
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple prior to 1.8.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addboo...
Cmsmadesimple Cms Made Simple 1.0
Cmsmadesimple Cms Made Simple 1.6.3
Cmsmadesimple Cms Made Simple 1.6.5
Cmsmadesimple Cms Made Simple 1.5.1
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.2.1
Cmsmadesimple Cms Made Simple 1.1.1
Cmsmadesimple Cms Made Simple 1.0.3
Cmsmadesimple Cms Made Simple 1.4.1
Cmsmadesimple Cms Made Simple 1.2
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 1.2.2
Cmsmadesimple Cms Made Simple
Cmsmadesimple Cms Made Simple 1.5.4
Cmsmadesimple Cms Made Simple 1.6
Cmsmadesimple Cms Made Simple 1.6.1
Cmsmadesimple Cms Made Simple 1.6.2
Cmsmadesimple Cms Made Simple 1.0.8
Cmsmadesimple Cms Made Simple 1.0.7
Cmsmadesimple Cms Made Simple 1.0.6
Cmsmadesimple Cms Made Simple 1.0.4
Cmsmadesimple Cms Made Simple 1.0.5
605
VMScore
CVE-2012-5450
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that delete arbitrary files via the deld pa...
Cmsmadesimple Cms Made Simple 1.9.3
Cmsmadesimple Cms Made Simple 1.9.4
Cmsmadesimple Cms Made Simple 1.8.2
Cmsmadesimple Cms Made Simple 1.9
Cmsmadesimple Cms Made Simple 1.6.6
Cmsmadesimple Cms Made Simple 1.5.4
Cmsmadesimple Cms Made Simple
Cmsmadesimple Cms Made Simple 1.9.1
Cmsmadesimple Cms Made Simple 1.1.3
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6.3
Cmsmadesimple Cms Made Simple 1.5
Cmsmadesimple Cms Made Simple 1.5.1
Cmsmadesimple Cms Made Simple 1.2.3
Cmsmadesimple Cms Made Simple 1.2.1
Cmsmadesimple Cms Made Simple 1.7.1
Cmsmadesimple Cms Made Simple 1.8.1
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 0.1
Cmsmadesimple Cms Made Simple 0.7.2
Cmsmadesimple Cms Made Simple 0.7.1
Cmsmadesimple Cms Made Simple 0.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »