Skip to main content

Nonecms

5 CVEs product

Monthly

CVE-2019-16721 MEDIUM POC This Month

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Nonecms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-20062 CRITICAL POC KEV THREAT Emergency

An issue was discovered in NoneCms V1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Nonecms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.5%
CVE-2018-7219 HIGH POC This Week

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nonecms
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-6029 HIGH POC This Week

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Nonecms
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6022 MEDIUM POC This Month

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP Nonecms
NVD
CVSS 3.0
6.5
EPSS
1.4%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Nonecms
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

An issue was discovered in NoneCms V1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Nonecms
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Nonecms
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Nonecms
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy