
CMS — Vulnerabilities & Security Advisories 227

All 227 CVE vulnerabilities found in CMS, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of Common Weakness Enumeration (CWE) vulnerabilities affecting the CMS product category. It serves as a centralized resource for tracking security issues across various Content Management Systems, offering insights into the most prevalent weakness types and their impact on different implementations. The content on this page collects reported vulnerabilities spanning from the early 2000s to the present day, covering a wide historical range of security incidents. It aggregates data from multiple vendors and open-source projects, ensuring a broad perspective on the evolving threat landscape for content management platforms. By compiling these records, the page highlights trends in coding errors, configuration mistakes, and design flaws that have been exploited or identified over time. Here, users can discover how to track a specific vendor's security advisories to stay informed about recent patches and known issues. Additionally, the page allows for a deeper understanding of a particular weakness class by showing its frequency and severity across different CMS environments. Users can also look up a product's vulnerability history to assess its long-term security posture and compare it against industry benchmarks. This structured approach aids security professionals, developers, and auditors in making informed decisions regarding risk management and remediation strategies for their content management systems.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-5424 | juzaweb CMS Media Page media access control | CWE-284 | 6.3 | Medium | 2025-06-02 |
| CVE-2025-5423 | juzaweb CMS General Setting Page general access control | CWE-284 | 6.3 | Medium | 2025-06-02 |
| CVE-2025-5422 | juzaweb CMS Email Logs Page email access control | CWE-284 | 4.3 | Medium | 2025-06-02 |
| CVE-2025-5421 | juzaweb CMS Plugin Editor Page editor access control | CWE-284 | 6.3 | Medium | 2025-06-02 |
| CVE-2025-5420 | juzaweb CMS Profile Page upload cross site scripting | CWE-79 | 3.5 | Low | 2025-06-02 |
| CVE-2025-5383 | Yifang CMS Article Management Module cross site scripting | CWE-79 | 2.4 | Low | 2025-05-31 |
| CVE-2025-5381 | Yifang CMS Admin Panel downloadFile path traversal | CWE-22 | 2.7 | Low | 2025-05-31 |
| CVE-2025-35939 | Craft CMS stores user-provided content in session files | CWE-472 | 5.3 | Medium | 2025-05-07 |
| CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI | CWE-1336 | 7.2 (AI) | High (AI) | 2025-05-05 |
| CVE-2025-32432 | Craft CMS Allows Remote Code Execution | CWE-94 | 10.0 | Critical | 2025-04-25 |
| CVE-2025-3534 | PowerCreator CMS OpenPublicCourse.aspx sql injection | CWE-89 | 6.3 | Medium | 2025-04-13 |
| CVE-2025-3214 | JFinal CMS readTemplate engine.getTemplate path traversal | CWE-22 | 4.3 | Medium | 2025-04-04 |
| CVE-2025-2878 | Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting | CWE-79 | 2.4 | Low | 2025-03-27 |
| CVE-2025-2220 | Odyssey CMS reCAPTCHA odyssey_contact_form.php key management | CWE-320 | 3.3 | Low | 2025-03-12 |
| CVE-2025-1544 | dingfanzu CMS loadShopInfo.php sql injection | CWE-89 | 6.3 | Medium | 2025-02-21 |
| CVE-2025-23209 | Potential RCE with a compromised security key in craft/cms | CWE-94 | 8.1 | High | 2025-01-18 |
| CVE-2024-13209 | Redaxo CMS Structure Management Page index.php cross site scripting | CWE-79 | 2.4 | Low | 2025-01-09 |
| CVE-2024-47920 | Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE-79 | 7.5 | High | 2024-12-30 |
| CVE-2024-47919 | Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE-78 | 9.8 | Critical | 2024-12-30 |
| CVE-2024-47918 | Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | CWE-78 | 6.1 | Medium | 2024-12-30 |
| CVE-2024-56145 | RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms | CWE-94 | 9.8 | - | 2024-12-18 |
| CVE-2024-52600 | Statamic CMS has Path Traversal in Asset Upload | CWE-22 | 5.3 | Medium | 2024-11-19 |
| CVE-2024-52291 | Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution | CWE-22 | 8.5 | High | 2024-11-13 |
| CVE-2024-52292 | Craft Allows Attackers to Read Arbitrary System Files | CWE-552 | 7.7 | High | 2024-11-13 |
| CVE-2024-52293 | Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI | CWE-22 | 7.2 | High | 2024-11-13 |
| CVE-2024-11175 | Public CMS Voting Management save cross site scripting | CWE-79 | 3.5 | Low | 2024-11-13 |
| CVE-2024-10761 | Umbraco CMS Dashboard frame cross site scripting | CWE-79 | 4.3 | Medium | 2024-11-04 |
| CVE-2024-9294 | dingfanzu CMS saveNewPwd.php sql injection | CWE-89 | 6.3 | Medium | 2024-09-27 |
| CVE-2024-45406 | Craft CMS stored XSS in breadcrumb list and title fields | CWE-80 | 5.5 | Medium | 2024-09-09 |
| CVE-2024-8303 | dingfanzu CMS getBasicInfo.php sql injection | CWE-89 | 6.3 | Medium | 2024-08-29 |
