Skip to main content

Elefantcms

4 CVEs product

Monthly

CVE-2018-16387 PHP HIGH POC PATCH This Week

An issue was discovered in Elefant CMS before 2.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Elefantcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15601 PHP CRITICAL PATCH Act Now

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Elefantcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2012-6521 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Elefantcms
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-1296 PHP MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Elefantcms
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in Elefant CMS before 2.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Elefantcms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Elefantcms
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Elefantcms
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Elefantcms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy