Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
subrion vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-18155
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
Intelliants Subrion 4.2.1
9.8
CVSSv3
CVE-2017-11444
Subrion CMS prior to 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
Intelliants Subrion Cms
9.8
CVSSv3
CVE-2017-11445
Subrion CMS prior to 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
Intelliants Subrion Cms
9.8
CVSSv3
CVE-2017-6013
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
Intelliants Subrion Cms 4.0.5.10
9.8
CVSSv3
CVE-2017-5543
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote malicious users to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
Intelliants Subrion 4.0.5
8.8
CVSSv3
CVE-2023-46947
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
Intelliants Subrion 4.2.1
8.8
CVSSv3
CVE-2021-43464
A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().
Intelliants Subrion Cms 4.2.1
8.8
CVSSv3
CVE-2020-18326
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.
Intelliants Subrion Cms 4.2.1
1 Github repository
8.8
CVSSv3
CVE-2019-7357
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
Intelliants Subrion Cms 4.2.1
8.8
CVSSv3
CVE-2018-21037
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
Intelliants Subrion
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »