
CVE-2017-11444
https://notcve.org/view.php?id=CVE-2017-11444
19 Jul 2017 — Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. • https://github.com/intelliants/subrion/issues/479 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-11445
https://notcve.org/view.php?id=CVE-2017-11445
19 Jul 2017 — Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. • https://github.com/intelliants/subrion/issues/480 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-6013
https://notcve.org/view.php?id=CVE-2017-6013
27 Mar 2017 — Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. • http://www.securityfocus.com/bid/97093 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-6069
https://notcve.org/view.php?id=CVE-2017-6069
27 Mar 2017 — Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. • http://www.securityfocus.com/bid/97196 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-6002
https://notcve.org/view.php?id=CVE-2017-6002
27 Mar 2017 — Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter. • http://www.yiwang6.cn/Subrion.docx • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-6068
https://notcve.org/view.php?id=CVE-2017-6068
27 Mar 2017 — Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. • http://www.securityfocus.com/bid/97091 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-6066
https://notcve.org/view.php?id=CVE-2017-6066
27 Mar 2017 — Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. • http://www.securityfocus.com/bid/97087 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-4129
https://notcve.org/view.php?id=CVE-2015-4129
05 Jul 2015 — SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. • http://www.kb.cert.org/vuls/id/110532 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-4771 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4771
22 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452. • https://www.exploit-db.com/exploits/22159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-5452 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-5452
22 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[ac... • https://www.exploit-db.com/exploits/22159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')