CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11445
https://notcve.org/view.php?id=CVE-2017-11445
19 Jul 2017 — Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. Subrion CMS anterior a versión 4.1.6, presenta una vulnerabilidad de inyección SQL en el archivo /front/actions.php por medio de la matriz $_POST. • https://github.com/intelliants/subrion/issues/480 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6013
https://notcve.org/view.php?id=CVE-2017-6013
27 Mar 2017 — Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. Subrion CMS 4.0.5.10 tiene inyección de SQL en admin/database/ a través del parámetro query. • http://www.securityfocus.com/bid/97093 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6069
https://notcve.org/view.php?id=CVE-2017-6069
27 Mar 2017 — Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. Subrion CMS 4.0.5 tiene CSRF en admin/blog/add/. El atacante puede añadir cualquier etiqueta y opcionalmente puede insertar XSS a través del parámetro tags. • http://www.securityfocus.com/bid/97196 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6002
https://notcve.org/view.php?id=CVE-2017-6002
27 Mar 2017 — Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. Subrion CMS 4.0.5.10 tiene CSRF en admin/blog/add/. El atacante puede añadir cualquier entrada de blog y opcionalmente puede insertar XSS dentro de una entrada a través del parámetro body. • http://www.yiwang6.cn/Subrion.docx • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6068
https://notcve.org/view.php?id=CVE-2017-6068
27 Mar 2017 — Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. Subrion CMS 4.0.5 tiene CSRF en admin/blocks/add/. El atacante puede crear cualquier bloque y opcionalmente puede insertar XSS a través del parámetro content. • http://www.securityfocus.com/bid/97091 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6066
https://notcve.org/view.php?id=CVE-2017-6066
27 Mar 2017 — Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. Subrion CMS 4.0.5 tiene CSRF en admin/languages/edit/1/. El atacante puede llevar a cabo cualquier acción Edit Language y opcionalmente puede insertar XSS a través del parámetro title. • http://www.securityfocus.com/bid/97087 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4129
https://notcve.org/view.php?id=CVE-2015-4129
05 Jul 2015 — SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. Vulnerabilidad de inyección SQL en Subrion CMS anterior a 3.3.3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de datos serializados modificados en una cookie salt. • http://www.kb.cert.org/vuls/id/110532 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 1%CPEs: 4EXPL: 4CVE-2012-4771 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4771
22 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Subrion CMS antes de v2.2.3, permi... • https://www.exploit-db.com/exploits/22159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2012-5452 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-5452
22 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[ac... • https://www.exploit-db.com/exploits/22159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2011-5212 – SUBRION CMS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5212
22 Oct 2012 — SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. Vulnerabilidad de inyección SQL en admin/index.php en Subrion CMS v2.0.4 permite a atacantes remotos ejecutar comandos SQL a través de (1) el nombre de usuario o (2) el campo de contraseña. • https://www.exploit-db.com/exploits/17390 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •