Anchorcms Anchor-Cms vulnerabilities
5 known vulnerabilities affecting anchorcms/anchor-cms.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2018-7251 | P2 | CRITICAL | PoC | ≥ 0, < 0.12.7 | 2022-05-13
CVE-2018-7251 [CRITICAL] CWE-200 Anchor CMS Logs Credentials
An issue was discovered in `config/error.php` in Anchor 0.12.3. The error log is exposed at an `errors.log` URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.
ghsa, osv
CVE-2024-29499 | P4 | HIGH | ≥ 0, ≤ 0.12.7 | 2024-03-22
CVE-2024-29499 [HIGH] CWE-352 Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via `/anchor/admin/users/delete/2`.
ghsa, osv
CVE-2021-44116 | P4 | MEDIUM | ≥ 0, ≤ 0.12.7 | 2022-01-05
CVE-2021-44116 [MEDIUM] CWE-79 Cross-site Scripting in Anchor CMS
A Cross Site Scripting (XSS) vulnerability exists in Anchor CMS <= 0.12.7 in `posts.php`. Attackers can use the posts column to upload a title and content containing malicious code in order to obtain the administrator cookie and then carry out other malicious operations.
ghsa, osv
CVE-2022-25576 | P4 | MEDIUM | ≥ 0, ≤ 0.12.7 | 2022-03-26
CVE-2022-25576 [MEDIUM] CWE-352 Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component `anchor/routes/posts.php`. This vulnerability allows attackers to arbitrarily delete posts.
ghsa, osv
CVE-2024-29338 | P4 | MEDIUM | ≥ 0, ≤ 0.12.7 | 2024-03-22
CVE-2024-29338 [MEDIUM] CWE-352 Cross-Site Request Forgery in Anchor CMS
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via `/anchor/admin/categories/delete/2`.
ghsa, osv