Skip to main content

Siberiancms

7 CVEs product

Monthly

CVE-2025-1105 MEDIUM This Month

A vulnerability was found in SiberianCMS 4.20.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siberiancms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-41702 CRITICAL Act Now

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39378 HIGH This Week

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39377 HIGH This Week

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Siberiancms
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-39376 MEDIUM This Month

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siberiancms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39375 CRITICAL Act Now

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siberiancms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2017-6906 MEDIUM This Month

An issue was discovered in SiberianCMS before 4.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Siberiancms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in SiberianCMS 4.20.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siberiancms
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
EPSS 1% CVSS 7.2
HIGH This Week

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Siberiancms
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siberiancms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siberiancms
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered in SiberianCMS before 4.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Siberiancms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy