CVE-2025-1105
- EPSS 0.07%
- Published 07.02.2025 18:15:28
- Last modified 04.11.2025 19:47:45
A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cros...
CVE-2024-41702
- EPSS 0.19%
- Published 30.07.2024 10:15:02
- Last modified 21.11.2024 09:33:00
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-39377
- EPSS 0.35%
- Published 27.09.2023 15:18:56
- Last modified 21.11.2024 08:15:16
SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method
CVE-2023-39378
- EPSS 0.12%
- Published 27.09.2023 15:18:56
- Last modified 21.11.2024 08:15:16
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user
CVE-2023-39375
- EPSS 0.15%
- Published 27.09.2023 15:18:55
- Last modified 21.11.2024 08:15:16
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
CVE-2023-39376
- EPSS 0.08%
- Published 27.09.2023 15:18:55
- Last modified 21.11.2024 08:15:16
SiberianCMS - CWE-284: Improper Access Control - Authorized user may disable a security feature over the network
CVE-2017-6906
- EPSS 0.21%
- Published 15.03.2017 00:59:00
- Last modified 20.04.2025 01:37:25
An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An attacker could execute arbitrary HTML and script cod...