CVEDB API

Vulnerabilities

Vulnerable Software

Intelliants: >> Subrion Cms Security Vulnerabilities

CVE-2012-4772

SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.

CVSS Score

7.5

EPSS Score

0.033

Published

2012-10-22

CVE-2012-4773

Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.

CVSS Score

6.8

EPSS Score

0.065

Published

2012-10-22

CVE-2011-5211

Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452.

CVSS Score

4.3

EPSS Score

0.011

Published

2012-10-22

CVE-2011-5212

SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.

CVSS Score

7.5

EPSS Score

0.006

Published

2012-10-22

Page 4

Vulnerabilities

Vulnerable Software

Intelliants: >> Subrion Cms Security Vulnerabilities

Products

Pricing

Contact Us