Vulnerabilities > Squiz
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-06 | CVE-2022-32277 | Authorization Bypass Through User-Controlled Key vulnerability in Squiz Matrix 6.20. Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. | 5.3 |
2019-12-11 | CVE-2019-19374 | Path Traversal vulnerability in Squiz Matrix. An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. | 9.1 |
2019-12-11 | CVE-2019-19373 | Deserialization of Untrusted Data vulnerability in Squiz Matrix. An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. | 7.5 |
2017-11-30 | CVE-2017-14198 | Code Injection vulnerability in Squiz Matrix. An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 8.8 |
2017-11-30 | CVE-2017-14197 | Cross-site Scripting vulnerability in Squiz Matrix. An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 6.1 |
2017-11-30 | CVE-2017-14196 | Path Traversal vulnerability in Squiz Matrix. An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. | 7.5 |