contrid — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting contrid. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Contrid is a content management system primarily used for building and managing websites, particularly in small to medium-sized businesses. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its eight recorded CVEs. The platform's security characteristics include frequent input validation weaknesses and insufficient access controls, with notable incidents involving authenticated RCE through improper sanitization of user-supplied parameters. While no major public breaches have been widely documented, its consistent vulnerability pattern suggests ongoing challenges in secure coding practices, particularly in handling user data and authentication mechanisms.

Top products by contrid: Newsletters Slideshow Gallery LITE

CVEs 8

CVE ID	Title	CVSS	Severity	Published
CVE-2025-4857	Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion — NewslettersCWE-22	7.2	High	2025-05-31
CVE-2025-3107	Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter — NewslettersCWE-89	6.5	Medium	2025-05-13
CVE-2025-2009	Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting — NewslettersCWE-79	7.2	High	2025-03-26
CVE-2024-13739	Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter — NewslettersCWE-79	6.1	Medium	2025-03-22
CVE-2024-10181	Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode — NewslettersCWE-79	6.4	Medium	2024-10-29
CVE-2024-8247	Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation — NewslettersCWE-269	8.8	High	2024-09-06
CVE-2024-7411	Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure — NewslettersCWE-200	5.3	Medium	2024-08-15
CVE-2024-5543	Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection — Slideshow Gallery LITECWE-89	8.1	High	2024-06-12

This page lists every published CVE security advisory associated with contrid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

contrid — Vulnerabilities & Security Advisories 8