CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 1CVE-2012-2435
https://notcve.org/view.php?id=CVE-2012-2435
27 May 2012 — Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks. Vulnerabilidad de directorio transversal en el módulo captcha en Pligg CMS anterior a v1.2.2 permite a usuarios remotos autenticados incluir y ejecutar ficheros locales arbitrarios a través de .. (punto punto) en el parámetro capt... • http://forums.pligg.com/downloads.php?do=file&id=15 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 3%CPEs: 24EXPL: 1CVE-2012-2436 – Pligg CMS 1.x - 'module.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-2436
27 May 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module. Múltiples vulnerabi... • https://www.exploit-db.com/exploits/37311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2012-2936
https://notcve.org/view.php?id=CVE-2012-2936
27 May 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to (c) admin/admin_index.php. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Pligg CMS anterior a v1.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a travé... • http://forums.pligg.com/downloads.php?do=file&id=15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0CVE-2012-2937
https://notcve.org/view.php?id=CVE-2012-2937
27 May 2012 — Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module. Múltiples vulnerabilidades de inyección SQL en Pligg CMS anterior a v1.2.2 permite a atacantes remotos ejecutar comandos arbitrarios SQL ... • http://forums.pligg.com/downloads.php?do=file&id=15 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2011-3986
https://notcve.org/view.php?id=CVE-2011-3986
03 Nov 2011 — Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Pligg anteriores a v1.2.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no identificados. • http://jvn.jp/en/jp/JVN04013920/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2009-4786
https://notcve.org/view.php?id=CVE-2009-4786
21 Apr 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Pligg anterior a v1.0.3, permite a atacantes remotos inyectar s... • http://holisticinfosec.org/content/view/130/45 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2009-4788
https://notcve.org/view.php?id=CVE-2009-4788
21 Apr 2010 — Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/login.php and the (2) HTTP Referer header to user_settings.php. Vulnerabilidad involuntaria de redirección en Pligg v1.0.2 y anteriores, permite a atacantes remotos redirigir a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través del parámetro (1) "return" a pligg/login.php y la cabece... • http://holisticinfosec.org/content/view/130/45 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6968 – Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
https://notcve.org/view.php?id=CVE-2008-6968
13 Aug 2009 — Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. Vulnerabilidad múltiple de inyección SQL en submit.php en Pligg CMS v9.9.5 permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través de los parámetros (1) category y (2) id. • https://www.exploit-db.com/exploits/6173 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5739 – Pligg 9.9.5b - Arbitrary File Upload / SQL Injection
https://notcve.org/view.php?id=CVE-2008-5739
26 Dec 2008 — SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. Vulnerabilidad de inyección SQL en evb/check_url.php en Pligg CMS 9.9.5 Beta permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro url. • https://www.exploit-db.com/exploits/7544 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3572
https://notcve.org/view.php?id=CVE-2008-3572
10 Aug 2008 — Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en index.php en Pligg 9.9.5, permite a atacantes remotos inyectar4 secuencias de comandos web o HTML de su elección a través del parámetro "category" (categoría). • http://marc.info/?l=bugtraq&m=121769609623356&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •