Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-3478
PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the domain parameter.
Myphp Cms Myphp Cms 0.3
Myphp Cms Myphp Cms 0.3.1
1 EDB exploit
7.5
CVSSv2
CVE-2008-1913
SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the new parameter in a new action.
Lasernet Cms Lasernet Cms 1.5
Lasernet Cms Lasernet Cms 1.11
1 EDB exploit
7.5
CVSSv2
CVE-2007-4808
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir act...
Tlm Cms Tlm Cms 3.2
Tlm Cms Tlm Cms 1.1
1 EDB exploit
7.5
CVSSv2
CVE-2006-1662
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote malicious users to execute arbitrary PHP commands via the Itemid parameter in index.php.
Limbo Cms Limbo Cms 1.0.4.1
Limbo Cms Limbo Cms 1.0.4.2
2 EDB exploits
4.3
CVSSv2
CVE-2008-3088
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote malicious users to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
Kasseler-cms Kasseler Cms 1.3.0
Kasseler-cms Kasseler Cms 1.3.1
1 EDB exploit
5
CVSSv2
CVE-2006-2105
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote malicious users to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.
Jupiter Cms Jupiter Cms 1.1.4
Jupiter Cms Jupiter Cms 1.1.5
6.4
CVSSv2
CVE-2006-2142
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the classes_dir parameter.
Limbo Cms Limbo Cms 1.0.4
Limbo Cms Limbo Cms 1.0.4.2
1 EDB exploit
7.5
CVSSv2
CVE-2010-2797
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple prior to 1.8.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addboo...
Cmsmadesimple Cms Made Simple 1.0
Cmsmadesimple Cms Made Simple 1.6.3
Cmsmadesimple Cms Made Simple 1.6.5
Cmsmadesimple Cms Made Simple 1.5.1
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.2.1
Cmsmadesimple Cms Made Simple 1.1.1
Cmsmadesimple Cms Made Simple 1.0.3
Cmsmadesimple Cms Made Simple 1.4.1
Cmsmadesimple Cms Made Simple 1.2
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 1.2.2
Cmsmadesimple Cms Made Simple
Cmsmadesimple Cms Made Simple 1.5.4
Cmsmadesimple Cms Made Simple 1.6
Cmsmadesimple Cms Made Simple 1.6.1
Cmsmadesimple Cms Made Simple 1.6.2
Cmsmadesimple Cms Made Simple 1.0.8
Cmsmadesimple Cms Made Simple 1.0.7
Cmsmadesimple Cms Made Simple 1.0.6
Cmsmadesimple Cms Made Simple 1.0.4
Cmsmadesimple Cms Made Simple 1.0.5
7.5
CVSSv2
CVE-2009-4231
Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0.5.3 and previous versions allows remote malicious users to include and execute arbitrary local files via .. (dot dot) in the plugin parameter.
Basic-cms Sweetrice
Basic-cms Sweetrice 0.5.2
Basic-cms Sweetrice 0.4.4
Basic-cms Sweetrice 0.4.2
Basic-cms Sweetrice 0.4.1
Basic-cms Sweetrice 0.3.0
Basic-cms Sweetrice 0.2.0
Basic-cms Sweetrice 0.4.0
Basic-cms Sweetrice 0.2.1
1 EDB exploit
6.8
CVSSv2
CVE-2012-5450
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that delete arbitrary files via the deld pa...
Cmsmadesimple Cms Made Simple 1.9.3
Cmsmadesimple Cms Made Simple 1.9.4
Cmsmadesimple Cms Made Simple 1.8.2
Cmsmadesimple Cms Made Simple 1.9
Cmsmadesimple Cms Made Simple 1.6.6
Cmsmadesimple Cms Made Simple 1.5.4
Cmsmadesimple Cms Made Simple
Cmsmadesimple Cms Made Simple 1.9.1
Cmsmadesimple Cms Made Simple 1.1.3
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6.3
Cmsmadesimple Cms Made Simple 1.5
Cmsmadesimple Cms Made Simple 1.5.1
Cmsmadesimple Cms Made Simple 1.2.3
Cmsmadesimple Cms Made Simple 1.2.1
Cmsmadesimple Cms Made Simple 1.7.1
Cmsmadesimple Cms Made Simple 1.8.1
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 0.1
Cmsmadesimple Cms Made Simple 0.7.2
Cmsmadesimple Cms Made Simple 0.7.1
Cmsmadesimple Cms Made Simple 0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »