Vulnerabilities for Popojicms (...) - CXSECURITY.COM

Vulnerabilities for 'Popojicms'

2021-08-25

CVE-2020-19547

CWE-22

Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php.

CVE-2021-28070

CWE-352

Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete.

2021-08-06

CVE-2020-21356

CWE-668

An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads.

CVE-2020-21357

CWE-79

A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field.

2019-11-07

CVE-2019-18816

CWE-79

po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.

CVE-2019-18815

CWE-601

PopojiCMS 2.0.1 allows refer= Open Redirection.

2019-03-03

CVE-2019-9549

CWE-352

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.

2018-11-05

CVE-2018-18936

CWE-22

An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter.

CVE-2018-18935

CWE-352

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.

CVE-2018-18934

CWE-434

An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.

Copyright 2024, cxsecurity.com