Vulnerabilities > Intelliants > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-46947 | Code Injection vulnerability in Intelliants Subrion 4.2.1 Subrion 4.2.1 has a remote command execution vulnerability in the backend. | 8.8 |
| 2022-04-04 | CVE-2021-43464 | Unspecified vulnerability in Intelliants Subrion CMS 4.2.1 A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval(). | 8.8 |
| 2022-03-04 | CVE-2020-18326 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1 Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. | 8.8 |
| 2021-10-08 | CVE-2021-41947 | SQL Injection vulnerability in Intelliants Subrion CMS 4.2.1 A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. | 7.2 |
| 2020-11-10 | CVE-2019-7357 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. | 8.8 |
| 2020-05-15 | CVE-2019-20390 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion 4.2.1 A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. | 8.1 |
| 2020-04-29 | CVE-2020-12468 | Unspecified vulnerability in Intelliants Subrion 4.2.1 Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. | 7.8 |
| 2020-03-17 | CVE-2018-21037 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | 8.8 |
| 2019-04-15 | CVE-2017-18366 | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.1.5 Subrion CMS 4.1.5 has CSRF in blog/delete/. | 8.8 |
| 2018-11-21 | CVE-2018-19422 | Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1 /panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. | 7.2 |