
CVE-2021-43724
https://notcve.org/view.php?id=CVE-2021-43724
23 Feb 2022 — A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file. • https://github.com/intelliants/subrion/issues/890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-11444
https://notcve.org/view.php?id=CVE-2017-11444
19 Jul 2017 — Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. • https://github.com/intelliants/subrion/issues/479 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-11445
https://notcve.org/view.php?id=CVE-2017-11445
19 Jul 2017 — Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. • https://github.com/intelliants/subrion/issues/480 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-4129
https://notcve.org/view.php?id=CVE-2015-4129
05 Jul 2015 — SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. • http://www.kb.cert.org/vuls/id/110532 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-4771 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4771
22 Oct 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452. • https://www.exploit-db.com/exploits/22159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-5212 – SUBRION CMS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5212
22 Oct 2012 — SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. • https://www.exploit-db.com/exploits/17390 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-4772 – subrion CMS 2.2.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4772
22 Oct 2012 — SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. • https://www.exploit-db.com/exploits/22159 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-5211 – SUBRION CMS - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5211
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. • https://www.exploit-db.com/exploits/17390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4773 – Subrion CMS 2.2.1 - Cross-Site Request Forgery (Add Admin)
https://notcve.org/view.php?id=CVE-2012-4773
22 Oct 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/. • https://www.exploit-db.com/exploits/21267 • CWE-352: Cross-Site Request Forgery (CSRF)