Shodan
Vulnerabilities
Vulnerable Software
Croogo:  Security Vulnerabilities
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-26
CVE-2024-29643
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-04-18
CVE-2021-44673
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script.
CVSS Score
8.8
EPSS Score
0.035
Published
2022-03-10
CVE-2019-20789
Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-04-26
CVE-2019-7168
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-01-29
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-01-29
CVE-2019-7170
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-01-29
CVE-2019-7171
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-01-29
CVE-2019-7173
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-01-29
CVE-2017-1000510
Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-02-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved