Vulnerabilities > Plikli > Plikli CMS > 4.0.0

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2018-19415 SQL Injection vulnerability in Plikli CMS 4.0.0
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.
network
low complexity
plikli CWE-89
7.5
7.5
2019-01-03 CVE-2018-19414 Cross-site Scripting vulnerability in Plikli CMS 4.0.0
Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php.
network
plikli CWE-79
4.3
4.3