Vulnerabilities > Intelliants > Subrion CMS

DATE CVE VULNERABILITY TITLE RISK
2021-10-08 CVE-2021-41947 SQL Injection vulnerability in Intelliants Subrion CMS 4.2.1
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
network
low complexity
intelliants CWE-89
7.2
7.2
2021-08-05 CVE-2020-22392 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.2
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
network
low complexity
intelliants CWE-79
5.4
5.4
2020-12-26 CVE-2020-35437 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
network
low complexity
intelliants CWE-79
6.1
6.1
2020-11-10 CVE-2019-7357 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/.
network
low complexity
intelliants CWE-352
8.8
8.8
2019-05-08 CVE-2019-11406 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
network
low complexity
intelliants CWE-79
6.1
6.1
2019-04-15 CVE-2017-18366 Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.1.5
Subrion CMS 4.1.5 has CSRF in blog/delete/.
network
low complexity
intelliants CWE-352
8.8
8.8
2018-12-04 CVE-2018-16631 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
network
low complexity
intelliants CWE-79
5.4
5.4
2018-12-04 CVE-2018-16629 Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
network
low complexity
intelliants CWE-79
4.8
4.8
2018-11-21 CVE-2018-19422 Unrestricted Upload of File with Dangerous Type vulnerability in Intelliants Subrion CMS 4.2.1
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
network
low complexity
intelliants CWE-434
7.2
7.2
2017-07-19 CVE-2017-11445 SQL Injection vulnerability in Intelliants Subrion CMS
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
network
low complexity
intelliants CWE-89
critical
 9.8
9.8