cms — Vulnerabilities & Security Advisories 219

All 219 CVE vulnerabilities found in cms, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI | CWE-1336 | 7.2 (AI) | High (AI) | 2025-05-05 |
| CVE-2025-32432 | Craft CMS Allows Remote Code Execution | CWE-94 | 10.0 | Critical | 2025-04-25 |
| CVE-2025-3534 | PowerCreator CMS OpenPublicCourse.aspx sql injection | CWE-89 | 6.3 | Medium | 2025-04-13 |
| CVE-2025-3214 | JFinal CMS readTemplate engine.getTemplate path traversal | CWE-22 | 4.3 | Medium | 2025-04-04 |
| CVE-2025-2878 | Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting | CWE-79 | 2.4 | Low | 2025-03-27 |
| CVE-2025-2220 | Odyssey CMS reCAPTCHA odyssey_contact_form.php key management | CWE-320 | 3.3 | Low | 2025-03-12 |
| CVE-2025-1544 | dingfanzu CMS loadShopInfo.php sql injection | CWE-89 | 6.3 | Medium | 2025-02-21 |
| CVE-2025-23209 | Potential RCE with a compromised security key in craft/cms | CWE-94 | 8.1 | High | 2025-01-18 |
| CVE-2024-13209 | Redaxo CMS Structure Management Page index.php cross site scripting | CWE-79 | 2.4 | Low | 2025-01-09 |
| CVE-2024-47920 | Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE-79 | 7.5 | High | 2024-12-30 |
| CVE-2024-47919 | Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE-78 | 9.8 | Critical | 2024-12-30 |
| CVE-2024-47918 | Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | CWE-78 | 6.1 | Medium | 2024-12-30 |
| CVE-2024-56145 | RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms | CWE-94 | 9.8 | - | 2024-12-18 |
| CVE-2024-52600 | Statamic CMS has Path Traversal in Asset Upload | CWE-22 | 5.3 | Medium | 2024-11-19 |
| CVE-2024-52291 | Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution | CWE-22 | 8.5 | High | 2024-11-13 |
| CVE-2024-52292 | Craft Allows Attackers to Read Arbitrary System Files | CWE-552 | 7.7 | High | 2024-11-13 |
| CVE-2024-52293 | Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI | CWE-22 | 7.2 | High | 2024-11-13 |
| CVE-2024-11175 | Public CMS Voting Management save cross site scripting | CWE-79 | 3.5 | Low | 2024-11-13 |
| CVE-2024-10761 | Umbraco CMS Dashboard frame cross site scripting | CWE-79 | 4.3 | Medium | 2024-11-04 |
| CVE-2024-9294 | dingfanzu CMS saveNewPwd.php sql injection | CWE-89 | 6.3 | Medium | 2024-09-27 |
| CVE-2024-45406 | Craft CMS stored XSS in breadcrumb list and title fields | CWE-80 | 5.5 | Medium | 2024-09-09 |
| CVE-2024-8303 | dingfanzu CMS getBasicInfo.php sql injection | CWE-89 | 6.3 | Medium | 2024-08-29 |
| CVE-2024-8302 | dingfanzu CMS chpwd.php sql injection | CWE-89 | 6.3 | Medium | 2024-08-29 |
| CVE-2024-8301 | dingfanzu CMS checkin.php sql injection | CWE-89 | 7.3 | High | 2024-08-29 |
| CVE-2024-7657 | Gila CMS HTTP POST Request page cross site scripting | CWE-79 | 3.5 | Low | 2024-08-11 |
| CVE-2024-7551 | juzaweb CMS Theme Editor default path traversal | CWE-22 | 2.7 | Low | 2024-08-06 |
| CVE-2024-7300 | Bolt CMS Showcase Creation showcases cross site scripting | CWE-79 | 3.5 | Low | 2024-07-31 |
| CVE-2024-7299 | Bolt CMS Entry Preview page cross site scripting | CWE-79 | 3.5 | Low | 2024-07-31 |
| CVE-2024-7106 | Spina CMS media_folders cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-07-25 |
| CVE-2024-41800 | Craft CMS Allows TOTP Token To Stay Valid After Use | CWE-287 | 4.8 | Medium | 2024-07-25 |

All 219 known CVE vulnerabilities affecting cms with full Chinese analysis, references, and POCs where available.