Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

cms — Vulnerabilities & Security Advisories 251

All 251 CVE vulnerabilities found in cms, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of Common Weakness Enumeration (CWE) vulnerabilities affecting the CMS product category. It serves as a centralized resource for tracking security issues across various Content Management Systems, offering insights into the most prevalent weakness types and their impact on different implementations. The content on this page collects reported vulnerabilities spanning from the early 2000s to the present day, covering a wide historical range of security incidents. It aggregates data from multiple vendors and open-source projects, ensuring a broad perspective on the evolving threat landscape for content management platforms. By compiling these records, the page highlights trends in coding errors, configuration mistakes, and design flaws that have been exploited or identified over time. Here, users can discover how to track a specific vendor's security advisories to stay informed about recent patches and known issues. Additionally, the page allows for a deeper understanding of a particular weakness class by showing its frequency and severity across different CMS environments. Users can also look up a product's vulnerability history to assess its long-term security posture and compare it against industry benchmarks. This structured approach aids security professionals, developers, and auditors in making informed decisions regarding risk management and remediation strategies for their content management systems.

Vendor: Mambo

CVE IDTitleCVSSSeverityPublished
CVE-2025-5381 Yifang CMS Admin Panel downloadFile path traversal CWE-22 2.7 Low2025-05-31
CVE-2025-35939 Craft CMS stores user-provided content in session files CWE-472 5.3 Medium2025-05-07
CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI CWE-1336 7.2AIHighAI2025-05-05
CVE-2025-32432 Craft CMS Allows Remote Code Execution CWE-94 10.0 Critical2025-04-25
CVE-2025-3534 PowerCreator CMS OpenPublicCourse.aspx sql injection CWE-89 6.3 Medium2025-04-13
CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal CWE-22 4.3 Medium2025-04-04
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting CWE-79 2.4 Low2025-03-27
CVE-2025-2220 Odyssey CMS reCAPTCHA odyssey_contact_form.php key management CWE-320 3.3 Low2025-03-12
CVE-2025-1544 dingfanzu CMS loadShopInfo.php sql injection CWE-89 6.3 Medium2025-02-21
CVE-2025-23209 Potential RCE with a compromised security key in craft/cms CWE-94 8.1 High2025-01-18
CVE-2024-13209 Redaxo CMS Structure Management Page index.php cross site scripting CWE-79 2.4 Low2025-01-09
CVE-2024-47920 Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 7.5 High2024-12-30
CVE-2024-47919 Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 9.8 Critical2024-12-30
CVE-2024-47918 Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-78 6.1 Medium2024-12-30
CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms CWE-94 9.8 -2024-12-18
CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload CWE-22 5.3 Medium2024-11-19
CVE-2024-52291 Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution CWE-22 8.5 High2024-11-13
CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files CWE-552 7.7 High2024-11-13
CVE-2024-52293 Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI CWE-22 7.2 High2024-11-13
CVE-2024-11175 Public CMS Voting Management save cross site scripting CWE-79 3.5 Low2024-11-13
CVE-2024-10761 Umbraco CMS Dashboard frame cross site scripting CWE-79 4.3 Medium2024-11-04
CVE-2024-9294 dingfanzu CMS saveNewPwd.php sql injection CWE-89 6.3 Medium2024-09-27
CVE-2024-45406 Craft CMS stored XSS in breadcrumb list and title fields CWE-80 5.5 Medium2024-09-09
CVE-2024-8303 dingfanzu CMS getBasicInfo.php sql injection CWE-89 6.3 Medium2024-08-29
CVE-2024-8302 dingfanzu CMS chpwd.php sql injection CWE-89 6.3 Medium2024-08-29
CVE-2024-8301 dingfanzu CMS checkin.php sql injection CWE-89 7.3 High2024-08-29
CVE-2024-7657 Gila CMS HTTP POST Request page cross site scripting CWE-79 3.5 Low2024-08-11
CVE-2024-7551 juzaweb CMS Theme Editor default path traversal CWE-22 2.7 Low2024-08-06
CVE-2024-7300 Bolt CMS Showcase Creation showcases cross site scripting CWE-79 3.5 Low2024-07-31
CVE-2024-7299 Bolt CMS Entry Preview page cross site scripting CWE-79 3.5 Low2024-07-31

All 251 known CVE vulnerabilities affecting cms with full Chinese analysis, references, and POCs where available.