Skip to main content

Popojicms

9 CVEs product

Monthly

CVE-2023-50011 HIGH POC This Week

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Popojicms
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2023-5910 MEDIUM This Month

A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic.php of the component Web Config. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Popojicms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-28070 MEDIUM POC This Month

Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2019-18816 MEDIUM POC This Month

po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Popojicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-18815 MEDIUM POC This Month

PopojiCMS 2.0.1 allows refer= Open Redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Popojicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-9549 HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Popojicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-18936 HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Popojicms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-18935 HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-18934 CRITICAL POC Act Now

An issue was discovered in PopojiCMS v2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
EPSS 2% CVSS 7.2
HIGH POC This Week

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Popojicms
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic.php of the component Web Config. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Popojicms
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Popojicms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

PopojiCMS 2.0.1 allows refer= Open Redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Popojicms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Popojicms
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Popojicms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in PopojiCMS v2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in PopojiCMS v2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Popojicms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy