Abocms: Security Vulnerabilities
The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-11
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-03-15
A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-01-17
Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-01-17
SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-01-06