Vulnerabilities > Kliqqi > High

DATE CVE VULNERABILITY TITLE RISK
2019-05-24 CVE-2016-10756 Cross-Site Request Forgery (CSRF) vulnerability in Kliqqi CMS 3.0.0.5
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself.
network
low complexity
kliqqi CWE-352
8.8
8.8
2018-05-24 CVE-2018-11405 Cross-Site Request Forgery (CSRF) vulnerability in Kliqqi CMS 2.0.2
Kliqqi 2.0.2 has CSRF in admin/admin_users.php.
network
low complexity
kliqqi CWE-352
8.8
8.8