Vulnerabilities > Intelliants > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-46947 Code Injection vulnerability in Intelliants Subrion 4.2.1
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
network
low complexity
intelliants CWE-94
8.8
8.8
2021-07-14 CVE-2020-18155 SQL Injection vulnerability in Intelliants Subrion 4.2.1
SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
network
low complexity
intelliants CWE-89
7.5
7.5
2018-11-21 CVE-2018-19422 Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
network
low complexity
intelliants CWE-434
7.2
7.2
2017-07-19 CVE-2017-11445 SQL Injection vulnerability in Intelliants Subrion CMS
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
network
low complexity
intelliants CWE-89
7.5
7.5
2017-07-19 CVE-2017-11444 SQL Injection vulnerability in Intelliants Subrion CMS
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
network
low complexity
intelliants CWE-89
7.5
7.5
2017-03-27 CVE-2017-6013 SQL Injection vulnerability in Intelliants Subrion CMS 4.0.5.10
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
network
low complexity
intelliants CWE-89
7.5
7.5
2017-01-20 CVE-2017-5543 Code Injection vulnerability in Intelliants Subrion 4.0.5
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
network
low complexity
intelliants CWE-94
7.5
7.5
2012-10-22 CVE-2012-4772 SQL Injection vulnerability in Intelliants Subrion CMS
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
network
low complexity
intelliants CWE-89
7.5
7.5
2012-10-22 CVE-2011-5212 SQL Injection vulnerability in Intelliants Subrion CMS 2.0.4
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.
network
low complexity
intelliants CWE-89
7.5
7.5