Skip to main content

Pyrocms

5 CVEs product

Monthly

CVE-2023-29689 PHP CRITICAL POC THREAT Act Now

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pyrocms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
41.1%
CVE-2022-37721 PHP CRITICAL Act Now

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Pyrocms
NVD VulDB
CVSS 3.1
9.0
EPSS
0.7%
CVE-2022-35118 MEDIUM This Month

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pyrocms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-25263 PHP HIGH POC This Week

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pyrocms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-25262 PHP MEDIUM POC This Month

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pyrocms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
EPSS 41% CVSS 9.8
CRITICAL POC THREAT Act Now

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pyrocms
NVD Exploit-DB
EPSS 1% CVSS 9.0
CRITICAL Act Now

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Pyrocms
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pyrocms
NVD GitHub VulDB
EPSS 1% CVSS 7.1
HIGH POC This Week

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pyrocms
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pyrocms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy