Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fork_cms
(Fork\-Cms)| Repositories | https://github.com/forkcms/forkcms |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-07 | CVE-2021-28931 | Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. | Fork_cms | 8.8 | ||
| 2021-05-06 | CVE-2020-23263 | Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add. | Fork_cms | 6.1 | ||
| 2021-05-06 | CVE-2020-23264 | Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators. | Fork_cms | 8.8 | ||
| 2020-05-27 | CVE-2020-13633 | Fork before 5.8.3 allows XSS via navigation_title or title. | Fork_cms | N/A | ||
| 2020-02-08 | CVE-2014-9470 | Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | Fork_cms | N/A | ||
| 2019-08-26 | CVE-2019-15521 | Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | Fork_cms, Spoon_library | 9.8 | ||
| 2018-01-04 | CVE-2018-5215 | Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | Fork_cms | 5.4 | ||
| 2019-01-09 | CVE-2018-20682 | Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | Fork_cms | 5.4 | ||
| 2018-10-02 | CVE-2018-17595 | In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | Fork_cms | 6.1 | ||
| 2015-02-06 | CVE-2015-1467 | Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index. | Fork_cms | N/A |