Filtered by vendor Easycms
Subscribe
Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23358 | 1 Easycms | 1 Easycms | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. | |||||
CVE-2020-24271 | 1 Easycms | 1 Easycms | 2021-02-05 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | |||||
CVE-2019-6294 | 1 Easycms | 1 Easycms | 2019-01-16 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EasyCMS 1.5. There is CSRF via the index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI. | |||||
CVE-2018-16345 | 1 Easycms | 1 Easycms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | |||||
CVE-2018-17113 | 1 Easycms | 1 Easycms | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | |||||
CVE-2018-16759 | 1 Easycms | 1 Easycms | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | |||||
CVE-2018-16773 | 1 Easycms | 1 Easycms | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | |||||
CVE-2018-12971 | 1 Easycms | 1 Easycms | 2018-08-20 | 5.8 MEDIUM | 6.5 MEDIUM |
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. | |||||
CVE-2018-10374 | 1 Easycms | 1 Easycms | 2018-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. |