
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

22 Oct 2012 — SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. • https://www.exploit-db.com/exploits/17390 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 3

22 Oct 2012 — SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. • https://www.exploit-db.com/exploits/22159 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

22 Oct 2012 — Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. • https://www.exploit-db.com/exploits/17390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 4% • CPEs: 4 • EXPL: 6

22 Oct 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/. • https://www.exploit-db.com/exploits/21267 • CWE-352: Cross-Site Request Forgery (CSRF)