Search criteria
45 vulnerabilities found for razorcms by razorcms
FKIE_CVE-2018-19905
Vulnerability from fkie_nvd - Published: 2018-12-31 15:29 - Updated: 2025-05-06 19:15
Severity ?
Summary
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CEB48A-0CE0-49C0-9C39-E0677BF995B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter."
},
{
"lang": "es",
"value": "Existe inyecci\u00f3n HTML en la versi\u00f3n 3.4.8 de razorCMS mediante el par\u00e1metro /#/page keywords."
}
],
"id": "CVE-2018-19905",
"lastModified": "2025-05-06T19:15:53.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-12-31T15:29:00.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2018-19906
Vulnerability from fkie_nvd - Published: 2018-12-31 15:29 - Updated: 2025-05-06 19:15
Severity ?
Summary
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/smiffy6969/razorCMS/issues/56 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/smiffy6969/razorCMS/issues/56 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CEB48A-0CE0-49C0-9C39-E0677BF995B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter."
},
{
"lang": "es",
"value": "Existe Cross-Site Scripting (XSS) persistente en la versi\u00f3n 3.4.8 de razorCMS mediante el par\u00e1metro /#/page description."
}
],
"id": "CVE-2018-19906",
"lastModified": "2025-05-06T19:15:53.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-12-31T15:29:00.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2018-17986
Vulnerability from fkie_nvd - Published: 2018-10-05 00:29 - Updated: 2024-11-21 03:55
Severity ?
Summary
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/smiffy6969/razorCMS/issues/53 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/smiffy6969/razorCMS/issues/53 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CEB48A-0CE0-49C0-9C39-E0677BF995B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user."
},
{
"lang": "es",
"value": "rars/user/data en razorCMS 3.4.8 permite Cross-Site Request Forgery (CSRF) para cambiar la contrase\u00f1a de un usuario administrador."
}
],
"id": "CVE-2018-17986",
"lastModified": "2024-11-21T03:55:20.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-05T00:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16727
Vulnerability from fkie_nvd - Published: 2018-09-12 16:29 - Updated: 2024-11-21 03:53
Severity ?
Summary
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/smiffy6969/razorCMS/issues/51 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/smiffy6969/razorCMS/issues/51 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2350D7-BEE9-402F-88C1-7B333A9A486C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component."
},
{
"lang": "es",
"value": "razorCMS 3.4.7 permite Cross-Site Scripting (XSS) persistente mediante las palabras clave de la p\u00e1gina de inicio en el componente settings."
}
],
"id": "CVE-2018-16727",
"lastModified": "2024-11-21T03:53:14.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-12T16:29:03.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16726
Vulnerability from fkie_nvd - Published: 2018-09-12 16:29 - Updated: 2024-11-21 03:53
Severity ?
Summary
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/smiffy6969/razorCMS/issues/52 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/smiffy6969/razorCMS/issues/52 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2350D7-BEE9-402F-88C1-7B333A9A486C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component."
},
{
"lang": "es",
"value": "razorCMS 3.4.7 permite la inyecci\u00f3n HTML mediante la descripci\u00f3n de la p\u00e1gina de inicio en el componente settings."
}
],
"id": "CVE-2018-16726",
"lastModified": "2024-11-21T03:53:14.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-12T16:29:02.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6038
Vulnerability from fkie_nvd - Published: 2012-11-26 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| razorcms | razorcms | * | |
| razorcms | razorcms | 0.2 | |
| razorcms | razorcms | 0.2 | |
| razorcms | razorcms | 0.2 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.4 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EE7F7F-DA41-49E5-9DCC-E965ABEB0A1A",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9EDF45-CA3B-44B8-A87E-99083223007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:rc:*:*:*:*:*:*",
"matchCriteriaId": "DAF153BB-A565-4EF8-AD68-2340EA5348BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E03AD0-3EA0-4ECE-85D5-564B55FC2D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "618CC69A-C6DE-4A12-85D5-FCBE628B3288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "031CFBEB-690A-4B7B-9C1A-9429EA3C7FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EA6DD600-E055-4FD8-B78C-B380B0027702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1A9BB13B-9AA3-41C0-B14B-CD8B38A1D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "A9B41F7A-CF2D-4C34-B57B-AD909FCDE9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F5B19BB3-8D38-4D4A-928E-75A45A63D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A846A00-D64E-464E-BA76-8BB1F2783BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2C9175-F4AD-40ED-8D56-7132FA5E9B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "1FF15EC0-9537-4A0A-AE25-579A5199E4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "FF9E41CF-D2C4-4712-9CD4-6F8473767D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "02DBB072-813A-4FFA-BA55-1570E4304E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5306443-AEE9-4831-9DFE-07AF1AF791E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a \"path traversal.\""
},
{
"lang": "es",
"value": "admin/core/admin_func.php en razorCMS antes de v1.2.1 no restringe correctamente el acceso a determinados directorios y archivos de administrador, lo que permite a usuarios remotos autenticados leer, editar, renombrar, mover, copiar y borrar archivos a trav\u00e9s de la (1) el par\u00e1metro dir en un \u0027fileman\u0027 \u00f3 (2) una acci\u00f3n filemanview. NOTA: este problema ha sido referido como un \"salto de ruta\".\r\n"
}
],
"id": "CVE-2012-6038",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-26T22:55:01.190",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78230"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47461"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/51344"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/51344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5918
Vulnerability from fkie_nvd - Published: 2012-11-19 12:10 - Updated: 2025-04-11 00:51
Severity ?
Summary
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E90791-6EA7-4BE5-9D0B-63A2746660DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory."
},
{
"lang": "es",
"value": "razorCMS v1.2 permite a usuarios remotos autenticadosacceder a directorios y archivos de administrador mediante la creaci\u00f3n y eliminaci\u00f3n de un directorio."
}
],
"id": "CVE-2012-5918",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-19T12:10:54.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18344"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1900
Vulnerability from fkie_nvd - Published: 2012-10-22 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| razorcms | razorcms | * | |
| razorcms | razorcms | 0.2 | |
| razorcms | razorcms | 0.2 | |
| razorcms | razorcms | 0.2 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.3 | |
| razorcms | razorcms | 0.4 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.0 | |
| razorcms | razorcms | 1.1 | |
| razorcms | razorcms | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4876FEF-BDCB-418C-A924-C679A538D155",
"versionEndIncluding": "1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9EDF45-CA3B-44B8-A87E-99083223007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:rc:*:*:*:*:*:*",
"matchCriteriaId": "DAF153BB-A565-4EF8-AD68-2340EA5348BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "23E03AD0-3EA0-4ECE-85D5-564B55FC2D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "618CC69A-C6DE-4A12-85D5-FCBE628B3288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "031CFBEB-690A-4B7B-9C1A-9429EA3C7FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:beta1:*:*:*:*:*:*",
"matchCriteriaId": "EA6DD600-E055-4FD8-B78C-B380B0027702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:beta2:*:*:*:*:*:*",
"matchCriteriaId": "1A9BB13B-9AA3-41C0-B14B-CD8B38A1D020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:rc:*:*:*:*:*:*",
"matchCriteriaId": "A9B41F7A-CF2D-4C34-B57B-AD909FCDE9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F5B19BB3-8D38-4D4A-928E-75A45A63D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0A846A00-D64E-464E-BA76-8BB1F2783BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2C9175-F4AD-40ED-8D56-7132FA5E9B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "1FF15EC0-9537-4A0A-AE25-579A5199E4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "FF9E41CF-D2C4-4712-9CD4-6F8473767D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "02DBB072-813A-4FFA-BA55-1570E4304E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5306443-AEE9-4831-9DFE-07AF1AF791E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E90791-6EA7-4BE5-9D0B-63A2746660DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en admin/index.php en RazorCMS v1.2.1 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores en las solicitudes que eliminan p\u00e1ginas web arbitrarias a trav\u00e9s de una acci\u00f3n showcats."
}
],
"id": "CVE-2012-1900",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-22T23:55:05.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-5051
Vulnerability from fkie_nvd - Published: 2011-11-23 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E2C9175-F4AD-40ED-8D56-7132FA5E9B59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en admin/core/admin_func.php in razorCMS v1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro content en una acci\u00f3n edit de admin/index.php"
}
],
"id": "CVE-2010-5051",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-23T01:55:04.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39961"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/40373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/40373"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1461
Vulnerability from fkie_nvd - Published: 2009-04-28 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5571FE14-5D75-41F7-9C41-96FBC0F79382",
"versionEndIncluding": "0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9EDF45-CA3B-44B8-A87E-99083223007C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el formulario Create New Page en razorCMS v0.3 RC2 y anteriores permite a usuarios remotos autenticados inyectar scripts web arbitrarios o HTML a trav\u00e9s del campo Page Title."
}
],
"id": "CVE-2009-1461",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-28T16:30:03.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=123998062108561\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://razorcms.co.uk/support/viewtopic.php?f=13\u0026t=325"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34854"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=123998062108561\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://razorcms.co.uk/support/viewtopic.php?f=13\u0026t=325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50357"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1460
Vulnerability from fkie_nvd - Published: 2009-04-28 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52856284-CC33-4779-8A9D-A9A02FEA6654",
"versionEndIncluding": "0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9EDF45-CA3B-44B8-A87E-99083223007C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F5B19BB3-8D38-4D4A-928E-75A45A63D6E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator\u0027s password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact."
},
{
"lang": "es",
"value": "razorCMS anterior a v0.4 utiliza permisos d\u00e9biles para (1) admin/core/admin_config.php, lo cual permite a los usuarios locales obtener el hash de la contrase\u00f1a del administrador y las credenciales del usuario FTP; y (2) el directorio ra\u00edz, (3) datastore/, y (4) admin/core/, lo cual permite a los usuarios locales a tener un impacto no especificado."
}
],
"id": "CVE-2009-1460",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-28T16:30:03.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=123990481506680\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=123998062108561\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53777"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://razorcms.co.uk/support/viewtopic.php?f=13\u0026t=325"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34744"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34566"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=123990481506680\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=123998062108561\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://razorcms.co.uk/support/viewtopic.php?f=13\u0026t=325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49946"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1458
Vulnerability from fkie_nvd - Published: 2009-04-28 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:razorcms:razorcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52856284-CC33-4779-8A9D-A9A02FEA6654",
"versionEndIncluding": "0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:razorcms:razorcms:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9EDF45-CA3B-44B8-A87E-99083223007C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/index.php en razorCMS anterior a v0.4 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de (1) el par\u00e1metro slab en una acci\u00f3n de edici\u00f3n, (2) el par\u00e1metro catname en un acci\u00f3n showcats, y (3) el par\u00e1metro cat en una acci\u00f3n reordercat.\r\n\r\n\r\n"
}
],
"id": "CVE-2009-1458",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-28T16:30:03.627",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=123990481506680\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=123998062108561\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53776"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://razorcms.co.uk/support/viewtopic.php?f=13\u0026t=325"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34744"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34566"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=123990481506680\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=123998062108561\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://razorcms.co.uk/support/viewtopic.php?f=13\u0026t=325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49945"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-19905 (GCVE-0-2018-19905)
Vulnerability from cvelistv5 – Published: 2018-12-31 15:00 – Updated: 2025-05-06 19:03
VLAI?
Summary
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-19905",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T18:24:36.709571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:03:19.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-20T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19905",
"datePublished": "2018-12-31T15:00:00.000Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:03:19.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19906 (GCVE-0-2018-19906)
Vulnerability from cvelistv5 – Published: 2018-12-31 15:00 – Updated: 2025-05-06 18:24
VLAI?
Summary
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-19906",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T18:24:10.818953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T18:24:17.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-20T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/56",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
},
{
"name": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19906",
"datePublished": "2018-12-31T15:00:00.000Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2025-05-06T18:24:17.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17986 (GCVE-0-2018-17986)
Vulnerability from cvelistv5 – Published: 2018-10-05 00:00 – Updated: 2024-09-16 18:56
VLAI?
Summary
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/53",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17986",
"datePublished": "2018-10-05T00:00:00Z",
"dateReserved": "2018-10-04T00:00:00Z",
"dateUpdated": "2024-09-16T18:56:16.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16727 (GCVE-0-2018-16727)
Vulnerability from cvelistv5 – Published: 2018-09-12 16:00 – Updated: 2024-08-05 10:32
VLAI?
Summary
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/51",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16727",
"datePublished": "2018-09-12T16:00:00",
"dateReserved": "2018-09-08T00:00:00",
"dateUpdated": "2024-08-05T10:32:54.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16726 (GCVE-0-2018-16726)
Vulnerability from cvelistv5 – Published: 2018-09-12 16:00 – Updated: 2024-08-05 10:32
VLAI?
Summary
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:53.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/52",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16726",
"datePublished": "2018-09-12T16:00:00",
"dateReserved": "2018-09-08T00:00:00",
"dateUpdated": "2024-08-05T10:32:53.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6038 (GCVE-0-2012-6038)
Vulnerability from cvelistv5 – Published: 2012-11-26 22:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"name": "47461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47461"
},
{
"name": "razorcms-adminfunc-security-bypass(72268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
},
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"name": "51344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51344"
},
{
"name": "78230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a \"path traversal.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"name": "47461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47461"
},
{
"name": "razorcms-adminfunc-security-bypass(72268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
},
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"name": "51344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51344"
},
{
"name": "78230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78230"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a \"path traversal.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip",
"refsource": "CONFIRM",
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"name": "47461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47461"
},
{
"name": "razorcms-adminfunc-security-bypass(72268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
},
{
"name": "18344",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"name": "51344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51344"
},
{
"name": "78230",
"refsource": "OSVDB",
"url": "http://osvdb.org/78230"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6038",
"datePublished": "2012-11-26T22:00:00",
"dateReserved": "2012-11-26T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5918 (GCVE-0-2012-5918)
Vulnerability from cvelistv5 – Published: 2012-11-19 11:00 – Updated: 2024-09-16 22:30
VLAI?
Summary
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-19T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18344",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5918",
"datePublished": "2012-11-19T11:00:00Z",
"dateReserved": "2012-11-18T00:00:00Z",
"dateUpdated": "2024-09-16T22:30:54.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1900 (GCVE-0-2012-1900)
Vulnerability from cvelistv5 – Published: 2012-10-22 23:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:26.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"name": "18575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"name": "razorcms-deletewebpage-csrf(73902)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"name": "18575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"name": "razorcms-deletewebpage-csrf(73902)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"name": "18575",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"name": "razorcms-deletewebpage-csrf(73902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1900",
"datePublished": "2012-10-22T23:00:00",
"dateReserved": "2012-03-26T00:00:00",
"dateUpdated": "2024-08-06T19:17:26.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5051 (GCVE-0-2010-5051)
Vulnerability from cvelistv5 – Published: 2011-11-23 01:00 – Updated: 2024-08-07 04:09
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39961"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"name": "20100525 XSS vulnerability in razorCMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"name": "40373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39961"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"name": "20100525 XSS vulnerability in razorCMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"name": "40373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39961"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"name": "20100525 XSS vulnerability in razorCMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"name": "40373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5051",
"datePublished": "2011-11-23T01:00:00",
"dateReserved": "2011-11-22T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19905 (GCVE-0-2018-19905)
Vulnerability from nvd – Published: 2018-12-31 15:00 – Updated: 2025-05-06 19:03
VLAI?
Summary
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-19905",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T18:24:36.709571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:03:19.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-20T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2018-19905/blob/master/RAZOR_HTML.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19905",
"datePublished": "2018-12-31T15:00:00.000Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:03:19.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19906 (GCVE-0-2018-19906)
Vulnerability from nvd – Published: 2018-12-31 15:00 – Updated: 2025-05-06 18:24
VLAI?
Summary
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-19906",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T18:24:10.818953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T18:24:17.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-20T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/56",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/56"
},
{
"name": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2018-19906/blob/master/razor_xss.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19906",
"datePublished": "2018-12-31T15:00:00.000Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2025-05-06T18:24:17.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17986 (GCVE-0-2018-17986)
Vulnerability from nvd – Published: 2018-10-05 00:00 – Updated: 2024-09-16 18:56
VLAI?
Summary
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/53",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/53"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17986",
"datePublished": "2018-10-05T00:00:00Z",
"dateReserved": "2018-10-04T00:00:00Z",
"dateUpdated": "2024-09-16T18:56:16.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16727 (GCVE-0-2018-16727)
Vulnerability from nvd – Published: 2018-09-12 16:00 – Updated: 2024-08-05 10:32
VLAI?
Summary
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/51",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16727",
"datePublished": "2018-09-12T16:00:00",
"dateReserved": "2018-09-08T00:00:00",
"dateUpdated": "2024-08-05T10:32:54.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16726 (GCVE-0-2018-16726)
Vulnerability from nvd – Published: 2018-09-12 16:00 – Updated: 2024-08-05 10:32
VLAI?
Summary
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:53.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smiffy6969/razorCMS/issues/52",
"refsource": "MISC",
"url": "https://github.com/smiffy6969/razorCMS/issues/52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16726",
"datePublished": "2018-09-12T16:00:00",
"dateReserved": "2018-09-08T00:00:00",
"dateUpdated": "2024-08-05T10:32:53.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6038 (GCVE-0-2012-6038)
Vulnerability from nvd – Published: 2012-11-26 22:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"name": "47461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47461"
},
{
"name": "razorcms-adminfunc-security-bypass(72268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
},
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"name": "51344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51344"
},
{
"name": "78230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a \"path traversal.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"name": "47461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47461"
},
{
"name": "razorcms-adminfunc-security-bypass(72268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
},
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"name": "51344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51344"
},
{
"name": "78230",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78230"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a \"path traversal.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip",
"refsource": "CONFIRM",
"url": "http://www.razorcms.co.uk/archive/core/old/razorCMS_core_v1_2_1_STABLE.zip"
},
{
"name": "47461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47461"
},
{
"name": "razorcms-adminfunc-security-bypass(72268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72268"
},
{
"name": "18344",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18344"
},
{
"name": "51344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51344"
},
{
"name": "78230",
"refsource": "OSVDB",
"url": "http://osvdb.org/78230"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6038",
"datePublished": "2012-11-26T22:00:00",
"dateReserved": "2012-11-26T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5918 (GCVE-0-2012-5918)
Vulnerability from nvd – Published: 2012-11-19 11:00 – Updated: 2024-09-16 22:30
VLAI?
Summary
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-19T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18344",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18344",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5918",
"datePublished": "2012-11-19T11:00:00Z",
"dateReserved": "2012-11-18T00:00:00Z",
"dateUpdated": "2024-09-16T22:30:54.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1900 (GCVE-0-2012-1900)
Vulnerability from nvd – Published: 2012-10-22 23:00 – Updated: 2024-08-06 19:17
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:26.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"name": "18575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"name": "razorcms-deletewebpage-csrf(73902)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"name": "18575",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"name": "razorcms-deletewebpage-csrf(73902)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/110593/RazorCMS-1.2.1-STABLE-Cross-Site-Request-Forgery.html"
},
{
"name": "18575",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18575"
},
{
"name": "razorcms-deletewebpage-csrf(73902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73902"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1900",
"datePublished": "2012-10-22T23:00:00",
"dateReserved": "2012-03-26T00:00:00",
"dateUpdated": "2024-08-06T19:17:26.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5051 (GCVE-0-2010-5051)
Vulnerability from nvd – Published: 2011-11-23 01:00 – Updated: 2024-08-07 04:09
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39961"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"name": "20100525 XSS vulnerability in razorCMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"name": "40373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39961"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"name": "20100525 XSS vulnerability in razorCMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"name": "40373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39961"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_razorcms.html"
},
{
"name": "20100525 XSS vulnerability in razorCMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511457/100/0/threaded"
},
{
"name": "40373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5051",
"datePublished": "2011-11-23T01:00:00",
"dateReserved": "2011-11-22T00:00:00",
"dateUpdated": "2024-08-07T04:09:38.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}