Vulnerabilities > Tribalsystems > Zenario > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-14 | CVE-2021-42171 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156 Zenario CMS 9.0.54156 is vulnerable to File Upload. | 6.5 |
2022-02-24 | CVE-2022-23043 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. | 6.5 |
2021-04-16 | CVE-2021-26830 | SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729 SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. | 6.4 |
2018-10-19 | CVE-2018-18420 | Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | 6.8 |
2018-01-22 | CVE-2018-5960 | SQL Injection vulnerability in Tribalsystems Zenario Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 6.5 |