Skip to main content

Fork Cms

19 CVEs product

Monthly

CVE-2022-35590 PHP MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-35589 PHP MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-35587 PHP MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-35585 PHP MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-1064 PHP HIGH POC PATCH This Week

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Fork Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-0153 PHP HIGH POC PATCH This Week

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Fork Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-0145 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Fork Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-28931 PHP HIGH PATCH This Week

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fork Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-24036 HIGH POC This Week

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Fork Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-13633 PHP MEDIUM PATCH This Month

Fork before 5.8.3 allows XSS via navigation_title or title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fork Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-15521 PHP CRITICAL PATCH Act Now

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Spoon Library Fork Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-17595 MEDIUM This Month

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fork Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-5215 PHP MEDIUM POC This Month

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2015-1467 HIGH POC This Week

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fork Cms
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.3%
CVE-2012-5164 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Fork Cms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-1188 PHP MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.8%.

XSS Fork Cms
NVD GitHub Exploit-DB
CVSS 2.0
4.3
EPSS
13.8%
CVE-2012-1209 PHP MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Fork Cms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-1208 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Fork Cms
NVD Exploit-DB GitHub
CVSS 2.0
4.3
EPSS
7.5%
CVE-2012-1207 PHP MEDIUM POC PATCH This Month

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Fork Cms
NVD GitHub
CVSS 2.0
5.0
EPSS
0.2%
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Fork Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Fork Cms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Fork Cms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fork Cms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Fork Cms
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Fork before 5.8.3 allows XSS via navigation_title or title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fork Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Spoon Library +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fork Cms
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fork Cms
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Fork Cms
NVD GitHub
EPSS 14% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.8%.

XSS Fork Cms
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Fork Cms
NVD GitHub
EPSS 8% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Fork Cms
NVD Exploit-DB GitHub
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Fork Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy