Fork CMS version 3.8.3 suffers from a cross site scripting vulnerability.
46817a9716513fbf904cc210f681e8ee0de86e3cba3780ae82bde54b0f343ef9
VamCart CMS version 0.9 suffers from multiple cross site scripting vulnerabilities.
20b70ae83034a770d8f15b30a15883ea7321b714bb164532950b8650047e65d1
Reserve Logic Booking CMS version 1.2 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
1bcd167be1966e35fa668a2afcf28bee8301174dc1d4b0d98f66c88ee4769fb0
WebsitePanel CMS versions prior to 1.2.2.1 suffer from an open redirection vulnerability.
f3d18a3cdffa39c307617de82222186276ef53444e6663c5f876e672f7f6a760
This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.
a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
CLscript CMS version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
8635091a03cadff818ef882b8c084b7b4a9bae7ba416e78dcb8b0dba8b1a1761
Event Script PHP CMS version 1.1 suffers from multiple remote SQL injection vulnerabilities.
b4ea2c8291eef176dcb4692e33a55c32bca11c42097bbc2d66d036a17833ef60
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Minishop plugin for gpEasy CMS, which can be exploited by malicious users to conduct script insertion attacks.
313b179aea0633f46397ceea096800641b76bb58f71189ba768a98ae22632eb1
Secunia Security Advisory - Multiple vulnerabilities have been discovered in MBB CMS, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and SQL injection attacks.
3f2e29e8282e0bb0cdfba3ff6681661cd3c828914b36cb6936bdee445d5231e4
Tiki Wiki CMS Groupware versions 8.3 and below suffer from an unserialize() PHP code execution vulnerability.
1131c8a6485c082585a271f33d7953e4f5c4c0779bc61c2352ed14fa8c3a700a
gp Easy CMS with Minishop plugin version 1.5 suffers from a persistent cross site scripting vulnerability.
6d4b62f9487a164867af96f8d469b70aabc6091f5ecec316b4a62639a6cb766b
CMS MBB version 0.0.3 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
f8115ab5262866df0a5eae163876f8c327672e68afc452e1ad5591d558ae9c5f
Hong Kong Firms CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6810a857bdaa9282f31993bb7bbad89edeb6aa57a3b19f0962d31538d7fb6c0f
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in Magix CMS, which can be exploited by malicious people to compromise a vulnerable system.
f7c54d574bc10c94bd493fbf54976f8365de0b8ad4ba1d833d1faaafe1160765
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Items Manager plugin for GetSimple CMS, which can be exploited by malicious people to compromise a vulnerable system.
bac3348b2a4f3591e49f5a2cf12251641e00d52ca7be21a7931e5738f34470c1
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in Magix CMS, which can be exploited by malicious people to compromise a vulnerable system.
301312788841890dc2d172a124ba4bf5b84eb9e792dbd55e66684929b368583f
JAKCMS version 2.2.6 suffers from a remote shell upload vulnerability.
8979837fbdfb46b12bd7cad18d277dc1d78e57253e57f5b607581b9edb59d77e
Lidosys CMS suffers from remote SQL injection and information disclosure vulnerabilities.
aed75f9b422d398ddc8a3bc152ec5a54b7aa049ce7c63239350a7471edf79f3c
Secunia Security Advisory - MustLive has reported a vulnerability in LIOOSYS CMS, which can be exploited by malicious people to conduct SQL injection attacks.
393c91e18023985823f995873fb19a756d7936f1767d9fb52a4501077ca71355
Secunia Security Advisory - A vulnerability has been discovered in Monstra CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
265c7b5dcba3142e383147478c9ad171f9141885ab1eaea0928cf8a5cbbffcea
Monstra CMS version 1.1.6 suffers from a cross site request forgery vulnerability.
731af584c0e15ee24021912c4c439fb486a533ce3eb3f64e31912a90faa9b533
CMS Schoolhos version 2.29 suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.
8c52b0a930e74fc8e99a43dc214d1d9ad81e8f6781510fc34a208b1871870548
Autopagina CMS version 2.8 suffers from a remote SQL injection vulnerability.
a563a2bdda1882cafa89faf3ca21ba53255d47d50c45f1edde7b0866d86b906f
Wolf CMS / Frog CMS BD uploadR third party module suffers from an unauthenticated remote shell upload vulnerability.
7862b280d447ca7cc95905170c85512b0e3708ccdf66616a1a377cdd51241072
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Lokomedia CMS, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and script insertion attacks.
bf0c6825aed03c3ad710fc3cbbb6924505fe0d28836a01016a17c64d63392145
CMS DMS-Easy version 0.9.8 suffers from cross site request forgery, file disclosure, add administrator, and remote shell upload vulnerabilities.
7bcf5e1148964c841fe99106d5c5a057887f28fa0dd89c2797b40562b95b703a