Pyrocms Security Vulnerabilities
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
CVSS Score: 9.8 | EPSS Score: 0.64 | Published: 2023-08-04
PyroCMS 3.9 is vulnerable to stored cross-site scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.
CVSS Score: 9.0 | EPSS Score: 0.001 | Published: 2022-11-25
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-08-01
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2020-10-08
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2020-10-08