
CVE-2024-42616
https://notcve.org/view.php?id=CVE-2024-42616
20 Aug 2024 — Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics • https://github.com/jinwu1234567890/cms2/tree/main/13/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-42617
https://notcve.org/view.php?id=CVE-2024-42617
20 Aug 2024 — Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32 • https://github.com/jinwu1234567890/cms2/tree/main/11/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-42618
https://notcve.org/view.php?id=CVE-2024-42618
20 Aug 2024 — Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma • https://github.com/jinwu1234567890/cms2/tree/main/16/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-42621
https://notcve.org/view.php?id=CVE-2024-42621
20 Aug 2024 — Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php • https://github.com/jinwu1234567890/cms2/tree/main/12/readme.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-37677
https://notcve.org/view.php?id=CVE-2023-37677
25 Jul 2023 — Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. • https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/264 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-34956
https://notcve.org/view.php?id=CVE-2022-34956
02 Aug 2022 — Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. • https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/261 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-34955
https://notcve.org/view.php?id=CVE-2022-34955
02 Aug 2022 — Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. • https://github.com/Kliqqi-CMS/Kliqqi-CMS/issues/261 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2020-25287
https://notcve.org/view.php?id=CVE-2020-25287
13 Sep 2020 — Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. • https://github.com/jenaye/pligg/blob/master/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2015-6655 – Pligg CMS 2.0.2 - Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2015-6655
25 Aug 2015 — Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php. Pligg CMS version 2.0.2 suffers from a cross site request forgery vulnerabi... • https://packetstorm.news/files/id/133299 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2014-9096 – Pligg CMS 2.0.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9096
26 Nov 2014 — Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter. • https://www.exploit-db.com/exploits/34168 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •