Vulnerabilities > Squiz
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-06 | CVE-2022-32277 | Authorization Bypass Through User-Controlled Key vulnerability in Squiz Matrix 6.20 Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. | 5.3 |
2019-12-11 | CVE-2019-19374 | Path Traversal vulnerability in Squiz Matrix An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. | 7.5 |
2019-12-11 | CVE-2019-19373 | Deserialization of Untrusted Data vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. | 5.0 |
2017-11-30 | CVE-2017-14198 | Code Injection vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 6.5 |
2017-11-30 | CVE-2017-14197 | Cross-site Scripting vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 4.3 |
2017-11-30 | CVE-2017-14196 | Path Traversal vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. | 5.0 |
2011-10-08 | CVE-2010-4901 | Cross-Site Scripting vulnerability in Squiz Mysource Matrix 3.28.3 Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter. | 4.3 |
2006-09-08 | CVE-2006-4635 | Unspecified vulnerability in Squiz Mysource Classic Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). | 6.5 |