Vulnerabilities > Pligg > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-20 CVE-2024-42617 Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
network
low complexity
pligg CWE-352
8.8
8.8
2024-08-20 CVE-2024-42618 Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma
network
low complexity
pligg CWE-352
8.8
8.8
2024-08-20 CVE-2024-42621 Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
network
low complexity
pligg CWE-352
8.8
8.8
2024-08-20 CVE-2024-42608 Cross-Site Request Forgery (CSRF) vulnerability in Pligg CMS 2.0.2
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.
network
low complexity
pligg CWE-352
8.8
8.8
2014-11-26 CVE-2014-9096 SQL Injection vulnerability in Pligg CMS
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
network
low complexity
pligg CWE-89
7.5
7.5
2012-05-27 CVE-2012-2937 SQL Injection vulnerability in Pligg CMS
Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module.
network
low complexity
pligg CWE-89
7.5
7.5
2010-08-16 CVE-2010-3013 SQL Injection vulnerability in Pligg CMS
SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577.
network
low complexity
pligg CWE-89
7.5
7.5
2010-08-16 CVE-2010-2577 SQL Injection vulnerability in Pligg CMS
Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php.
network
low complexity
pligg CWE-89
7.5
7.5
2009-08-26 CVE-2008-7091 SQL Injection vulnerability in Pligg CMS
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
network
low complexity
pligg CWE-89
7.5
7.5
2009-08-26 CVE-2008-7090 Path Traversal vulnerability in Pligg CMS
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a ..
network
low complexity
pligg CWE-22
7.8
7.8