Vulnerabilities for 'Popojicms'

2021-08-25
 
CVE-2020-19547

CWE-22
 

 
Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php.

 
 
CVE-2021-28070

CWE-352
 

 
Cross Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete.

 
2021-08-06
 
CVE-2020-21356

CWE-668
 

 
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads.

 
 
CVE-2020-21357

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in /admin.php?mod=user&act=addnew of PopojiCMS 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the E-Mail field.

 
2019-11-07
 
CVE-2019-18816

CWE-79
 

 
po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.

 
 
CVE-2019-18815

CWE-601
 

 
PopojiCMS 2.0.1 allows refer= Open Redirection.

 
2019-03-03
 
CVE-2019-9549

CWE-352
 

 
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.

 
2018-11-05
 
CVE-2018-18936

CWE-22
 

 
An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter.

 
 
CVE-2018-18935

CWE-352
 

 
An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.

 
 
CVE-2018-18934

CWE-434
 

 
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.

 


Copyright 2024, cxsecurity.com

 
