Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plume-cms vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2012-2156
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors...
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
Plume-cms Plume Cms 1.0.4
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.2.3
Plume-cms Plume Cms 1.2.2
Plume-cms Plume Cms 1.0.2
1 EDB exploit
685
VMScore
CVE-2012-1414
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create News pages via a publish action.
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.2.2
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
Plume-cms Plume Cms 1.2.3
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms 1.0.2
Plume-cms Plume Cms 1.0.4
1 EDB exploit
231
VMScore
CVE-2011-3985
Cross-site scripting (XSS) vulnerability in Plume prior to 1.2.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Plume-cms Plume Cms 1.2
Plume-cms Plume Cms 1.0.6
Plume-cms Plume Cms
Plume-cms Plume Cms 1.0.4
Plume-cms Plume Cms 1.0.3
Plume-cms Plume Cms 1.0.2
Plume-cms Plume Cms 1.2.1
Plume-cms Plume Cms 1.1.3
Plume-cms Plume Cms 1.0.5
668
VMScore
CVE-2006-4533
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and previous versions allow remote malicious users to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (...
Plume-cms Plume Cms 1.0.5
Plume-cms Plume Cms
383
VMScore
CVE-2008-1048
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via the dir parameter.
Plume-cms Plume Cms 1.2.2
765
VMScore
CVE-2006-3562
PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote malicious users to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645...
Plume-cms Plume Cms 1.0.4
3 EDB exploits
655
VMScore
CVE-2009-3418
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_...
Plume-cms Plume Cms 1.2.3
1 EDB exploit
755
VMScore
CVE-2006-7021
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote malicious users to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.
Plume-cms Plume Cms 1.1.3
1 EDB exploit
685
VMScore
CVE-2006-0725
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote malicious users to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version tha...
Plume-cms Plume Cms 1.0.2
1 EDB exploit
755
VMScore
CVE-2006-2645
PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote malicious users to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725.
Plume-cms Plume Cms 1.0.3
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »