Skip to main content

Elite Cms

10 CVEs product

Monthly

CVE-2022-40361 MEDIUM This Month

Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Elite Cms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-42331 HIGH POC This Week

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Elite Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-30816 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30815 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30814 CRITICAL POC Act Now

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30813 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30810 CRITICAL POC Act Now

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30809 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30808 CRITICAL POC THREAT Act Now

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-30804 MEDIUM POC This Month

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Elite Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Elite Cms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
EPSS 16% CVSS 9.8
CRITICAL POC THREAT Act Now

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Elite Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy