Intelliants >> Subrion Security Vulnerabilities
Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2024-02-27
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
CVSS Score: 8.8 | EPSS Score: 0.019 | Published: 2023-11-03
A Cross-site scripting (XSS) vulnerability in the Reference ID of the Transactions panel in Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Reference ID' parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-09-28
A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-09-27
A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-09-27
A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS version <= 4.2.1 via "List of subjects".
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-04-29
Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-08-06
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2021-07-14
Cross Site Scripting (XSS) vulnerability in Subrion CMS version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on the transactions tab.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2021-04-09
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-11-04

