Skip to main content

Autocms

3 CVEs product

Monthly

CVE-2024-8866 MEDIUM POC This Month

A vulnerability was found in AutoCMS 5.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Autocms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-44725 HIGH POC This Week

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Autocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-44724 HIGH POC This Week

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Autocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in AutoCMS 5.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Autocms
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Autocms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy