cms — Vulnerabilities & Security Advisories 213

All 213 CVE vulnerabilities found in cms, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-1544 | dingfanzu CMS loadShopInfo.php sql injection | CWE-89 | 6.3 | Medium | 2025-02-21 |
| CVE-2025-23209 | Potential RCE with a compromised security key in craft/cms | CWE-94 | 8.1 | High | 2025-01-18 |
| CVE-2024-13209 | Redaxo CMS Structure Management Page index.php cross site scripting | CWE-79 | 2.4 | Low | 2025-01-09 |
| CVE-2024-47920 | Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE-79 | 7.5 | High | 2024-12-30 |
| CVE-2024-47919 | Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE-78 | 9.8 | Critical | 2024-12-30 |
| CVE-2024-47918 | Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | CWE-78 | 6.1 | Medium | 2024-12-30 |
| CVE-2024-56145 | RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms | CWE-94 | 9.8 | - | 2024-12-18 |
| CVE-2024-52600 | Statamic CMS has Path Traversal in Asset Upload | CWE-22 | 5.3 | Medium | 2024-11-19 |
| CVE-2024-52291 | Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution | CWE-22 | 8.5 | High | 2024-11-13 |
| CVE-2024-52292 | Craft Allows Attackers to Read Arbitrary System Files | CWE-552 | 7.7 | High | 2024-11-13 |
| CVE-2024-52293 | Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI | CWE-22 | 7.2 | High | 2024-11-13 |
| CVE-2024-11175 | Public CMS Voting Management save cross site scripting | CWE-79 | 3.5 | Low | 2024-11-13 |
| CVE-2024-10761 | Umbraco CMS Dashboard frame cross site scripting | CWE-79 | 4.3 | Medium | 2024-11-04 |
| CVE-2024-9294 | dingfanzu CMS saveNewPwd.php sql injection | CWE-89 | 6.3 | Medium | 2024-09-27 |
| CVE-2024-45406 | Craft CMS stored XSS in breadcrumb list and title fields | CWE-80 | 5.5 | Medium | 2024-09-09 |
| CVE-2024-8303 | dingfanzu CMS getBasicInfo.php sql injection | CWE-89 | 6.3 | Medium | 2024-08-29 |
| CVE-2024-8302 | dingfanzu CMS chpwd.php sql injection | CWE-89 | 6.3 | Medium | 2024-08-29 |
| CVE-2024-8301 | dingfanzu CMS checkin.php sql injection | CWE-89 | 7.3 | High | 2024-08-29 |
| CVE-2024-7657 | Gila CMS HTTP POST Request page cross site scripting | CWE-79 | 3.5 | Low | 2024-08-11 |
| CVE-2024-7551 | juzaweb CMS Theme Editor default path traversal | CWE-22 | 2.7 | Low | 2024-08-06 |
| CVE-2024-7300 | Bolt CMS Showcase Creation showcases cross site scripting | CWE-79 | 3.5 | Low | 2024-07-31 |
| CVE-2024-7299 | Bolt CMS Entry Preview page cross site scripting | CWE-79 | 3.5 | Low | 2024-07-31 |
| CVE-2024-7106 | Spina CMS media_folders cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-07-25 |
| CVE-2024-41800 | Craft CMS Allows TOTP Token To Stay Valid After Use | CWE-287 | 4.8 | Medium | 2024-07-25 |
| CVE-2024-7065 | Spina CMS cross-site request forgery | CWE-352 | 4.3 | Medium | 2024-07-24 |
| CVE-2024-6947 | Flute CMS Notification ContentParser.php replaceContent code injection | CWE-94 | 4.7 | Medium | 2024-07-21 |
| CVE-2024-6946 | Flute CMS list code injection | CWE-94 | 4.7 | Medium | 2024-07-21 |
| CVE-2024-6945 | Flute CMS Avatar Upload Page ImagesController.php unrestricted upload | CWE-434 | 6.3 | Medium | 2024-07-21 |
| CVE-2024-36119 | Password confirmation stored in plain text via registration form in statamic/cms | CWE-312 | 1.8 | Low | 2024-05-30 |
| CVE-2024-3311 | Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal | CWE-22 | 6.3 | Medium | 2024-04-04 |

All 213 known CVE vulnerabilities affecting cms with full Chinese analysis, references, and POCs where available.