Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Popojicms Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-47766 1 Popojicms 1 Popojicms 2023-01-25 N/A 8.8 HIGH
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.
CVE-2020-18065 1 Popojicms 1 Popojicms 2021-09-07 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu.
CVE-2021-28070 1 Popojicms 1 Popojicms 2021-08-30 4.3 MEDIUM 4.3 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete.
CVE-2020-19547 1 Popojicms 1 Popojicms 2021-08-30 4.0 MEDIUM 6.5 MEDIUM
Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php.
CVE-2020-21356 1 Popojicms 1 Popojicms 2021-08-13 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.
CVE-2020-21357 1 Popojicms 1 Popojicms 2021-08-12 4.3 MEDIUM 6.1 MEDIUM
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field.
CVE-2019-18816 1 Popojicms 1 Popojicms 2019-11-08 4.3 MEDIUM 6.1 MEDIUM
po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.
CVE-2019-18815 1 Popojicms 1 Popojicms 2019-11-08 5.8 MEDIUM 6.1 MEDIUM
PopojiCMS 2.0.1 allows refer= Open Redirection.
CVE-2019-9549 1 Popojicms 1 Popojicms 2019-03-04 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.
CVE-2018-18934 1 Popojicms 1 Popojicms 2018-12-11 7.5 HIGH 9.8 CRITICAL
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.
CVE-2018-18936 1 Popojicms 1 Popojicms 2018-12-11 6.4 MEDIUM 7.5 HIGH
An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter.
CVE-2018-18935 1 Popojicms 1 Popojicms 2018-12-10 6.8 MEDIUM 8.8 HIGH
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.