Fork CMS vulnerabilities and exploits
VMScore: 755
CVE-2015-1467
Multiple SQL injection vulnerabilities in Translations in Fork CMS prior to 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
Fork-cms Fork Cms
1 EDB exploit
VMScore: 668
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS prior to 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
Spoon-library Spoon Library
Fork-cms Fork Cms
VMScore: 605
CVE-2020-23264
Cross-site request forgery (CSRF) in Fork-CMS prior to 5.8.2 allows remote malicious users to hijack the authentication of logged-in administrators.
Fork-cms Fork Cms
VMScore: 605
CVE-2020-23960
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork prior to 5.8.3 allow remote malicious users to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing ...
Fork-cms Fork Cms
VMScore: 578
CVE-2022-1064
SQL injection through marking blog comments in bulk as spam in GitHub repository forkcms/forkcms before 5.11.1.
Fork-cms Fork Cms
VMScore: 578
CVE-2021-28931
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows malicious users to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
Fork-cms Fork Cms 5.9.2
VMScore: 578
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Fork-cms Fork Cms
VMScore: 449
CVE-2019-1549
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in ...
Openssl Openssl
VMScore: 445
CVE-2012-1207
Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.
Fork-cms Fork Cms 3.2.4
VMScore: 440
CVE-2012-1188
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS prior to 3.2.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.
Fork-cms Fork Cms
2 EDB exploits