XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system.
141922e324fd21737d323eaed2f53c7bc972900273dfc3e19ea72c0648544233
XenForo versions 2.2.15 and below suffer from a cross site request forgery vulnerability in Widget::actionSave.
a2e0e2c93fd20ac00f325a1d77c282bae74c903affae30dd55518d5333641874
XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.
5deccbdac2cfe207ec995833b611569397b53b3acedb61fbd211edfe7bb16b0d
XenForo version 2.2.13 suffers from a persistent cross site scripting vulnerability.
f5d2f804109cb0eeef8387c640405b6f7f8dc548ab7656e5c0750cbeed8641d3
Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives.
3659bb2a193b54ec58750cfb109d9f00cfd739f7828d6a6d4fdff0e0ff2be911
ImpressCMS versions 1.4.3 and below suffer from a remote SQL injection vulnerability.
fb068f3b5b726ef7f6497f8040c8f0b94fc6749a1851c9e7f05fdbae0ca41fa0
ImpressCMS versions 1.4.2 and below suffer from an incorrect access control vulnerability.
4b55169e7ddd7a9da312a1bb940bbd4357b7a28a5e228523903848b5c2e04d5f
ImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.
54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4
ImpressCMS versions 1.4.2 and below suffer from an authentication bypass vulnerability.
d8dfe7df740ddc2041569cf9735ee4180779ccae9c55e66d12ed7119dce09379
Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.
4737c6d7d22010e52296503aaa366abc55f04d975b7b1fd092c8c80e1a164e8a
IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows arbitrary content to be passed to the IPS\_Theme::runProcessFunction() method, where it is used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.
392b40ad40c330e4deb04c99f4ff988666d96d0c4e3c606a17ec99241047911a
ExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
194597ced97a35c6d247729d6a66efa739186e83e8e19c865571433ee7b78ee3
docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.
660d129dcc87aa67615bb840ba7c6f92bff103f112e67bbd1690a0f2d2193057
IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.
91f17358440b97a2cdf9126200c78d2bfdc16a8200647806ddf3ac379ef0d629
qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
b112518046e2d985fa9df4e1d428c12274ab5e4bf070ee7383978e0a73695f45
XenForo version 2.1.0 Patch 2 suffers from a cross site scripting vulnerability.
dc51a83e717b75116c25528d1b3a8342dafcd2220bbfe77a7e2298e2a0ad11cf
openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.
400d9b74c5924b238ccb88c1968e13b4640183baf55f44521ab902c275f4c1d9
openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.
e7161d7a2b2b5f3b74f9ce9373cde1c623bb264344142c67862680b20c2bfee5
openSIS versions 7.4 and below suffer from an access bypass vulnerability.
de18d17ff15947139e2907c1c51bf51af6d549555d04403c26002b9a0c85a3af
SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.
6d0664ee294d9c0e355362341a51a1fb0526746a2bbe5d841ef37520620739c4
SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.
bf17496e890701853063b6c0ff76d7e4c10126a589c0ff3f257def2dcf623ee6
SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.
2180571bb1e2260ae7306d067b16cfbedbc9933b8f3852afefaabda12b8e98f8
SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.
6635b4d98132797e97d5f7beb1446ac64f1d1b045f58dd11a4416288eebcbc03
SuiteCRM versions 7.11.11 and below suffer from a second-order PHP object injection vulnerability.
0b39b583ac4c6a3f164f129018fb829ea101106ca187de455b16329ca19a3403
YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.
5d71aceec19133413eee8c6f4b44fc22997703a0b913eb7cb5f88539b50f03f1
SugarCRM versions 9.0.1 and below suffer from multiple phar deserialization vulnerabilities.
711e401e10751d14106c7d0d10801ee4abc8af0fdc7d9ced190af9f40bd8b2b6