Intelliants Subrion 4.2.1 - Security Vulnerabilities
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-05-15
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2020-05-15
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-04-29
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2020-04-29
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2020-04-29
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2019-10-06
_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-10-02
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-09-01
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
CVSS Score: 6.1 | EPSS Score: 0.035 | Published: 2018-08-02
Shodan ® - All rights reserved