Elitecms Elite_cms
17 CVEs affecting Elitecms Elite_cms. Latest disclosed: 2024-01-11. Critical: 13, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-30816 | Critical | 9.8 | 2022-06-02 | elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. |
CVE-2022-30815 | Critical | 9.8 | 2022-06-02 | elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= |
CVE-2022-30814 | Critical | 9.8 | 2022-06-02 | elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. |
CVE-2022-30813 | Critical | 9.8 | 2022-06-02 | elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. |
CVE-2022-30810 | Critical | 9.8 | 2022-06-02 | elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. |
CVE-2022-30809 | Critical | 9.8 | 2022-06-02 | elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. |
CVE-2022-30808 | Critical | 9.8 | 2022-06-02 | elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. |
CVE-2022-24222 | Critical | 9.8 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php. |
CVE-2022-24221 | Critical | 9.8 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php. |
CVE-2022-24220 | Critical | 9.8 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php. |
CVE-2022-24219 | Critical | 9.8 | 2022-02-01 | eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php. |
CVE-2021-46093 | Critical | 9.8 | 2022-02-01 | eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. |
CVE-2022-24218 | Critical | 9.1 | 2022-02-01 | An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. |
CVE-2023-42331 | High | 8.8 | 2023-09-20 | A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. |
CVE-2018-12250 | High | 7.2 | 2019-07-03 | An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection. |
CVE-2022-30804 | Medium | 6.5 | 2022-06-02 | elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. |
CVE-2022-40361 | Medium | 6.1 | 2024-01-11 | Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. |