Vulnerabilities > Squiz

DATE CVE VULNERABILITY TITLE RISK

2022-09-06 CVE-2022-32277 Authorization Bypass Through User-Controlled Key vulnerability in Squiz Matrix 6.20
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details.
network, low complexity, squiz CWE-639, 5.3

2019-12-11 CVE-2019-19374 Path Traversal vulnerability in Squiz Matrix
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists.
network, low complexity, squiz CWE-22, 7.5

2019-12-11 CVE-2019-19373 Deserialization of Untrusted Data vulnerability in Squiz Matrix
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type.
network, low complexity, squiz CWE-502, 5.0

2017-11-30 CVE-2017-14198 Code Injection vulnerability in Squiz Matrix
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3.
network, low complexity, squiz CWE-94, 6.5

2017-11-30 CVE-2017-14197 Cross-site Scripting vulnerability in Squiz Matrix
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3.
network, squiz CWE-79, 4.3

2017-11-30 CVE-2017-14196 Path Traversal vulnerability in Squiz Matrix
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3.
network, low complexity, squiz CWE-22, 5.0

2011-10-08 CVE-2010-4901 Cross-Site Scripting vulnerability in Squiz Mysource Matrix 3.28.3
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
network, squiz CWE-79, 4.3

2006-09-08 CVE-2006-4635 Unspecified vulnerability in Squiz Mysource Classic
Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II).
network, low complexity, squiz, 6.5