Elitecms Elite Cms vulnerabilities
17 known vulnerabilities affecting elitecms/elite_cms.
Total CVEs
17
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-24218P3CRITICALCVSS 9.1v1.02022-02-01
CVE-2022-24218 [CRITICAL] CVE-2022-24218: An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.
An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.
nvd
CVE-2022-30808P3CRITICALCVSS 9.8v1.012022-06-02
CVE-2022-30808 [CRITICAL] CWE-434 CVE-2022-30808: elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.
nvd
CVE-2023-42331P3HIGHCVSS 8.8v1.012023-09-20
CVE-2023-42331 [HIGH] CWE-434 CVE-2023-42331: A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.
nvd
CVE-2022-30813P3CRITICALCVSS 9.8v1.012022-06-02
CVE-2022-30813 [CRITICAL] CWE-89 CVE-2022-30813: elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.
elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.
nvd
CVE-2022-30815P3CRITICALCVSS 9.8v1.012022-06-02
CVE-2022-30815 [CRITICAL] CWE-89 CVE-2022-30815: elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=
nvd
CVE-2022-30809P3CRITICALCVSS 9.8v1.012022-06-02
CVE-2022-30809 [CRITICAL] CWE-89 CVE-2022-30809: elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.
nvd
CVE-2022-30816P3CRITICALCVSS 9.8v1.012022-06-02
CVE-2022-30816 [CRITICAL] CWE-89 CVE-2022-30816: elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.
nvd
CVE-2021-46093P3CRITICALCVSS 9.8v1.02022-02-01
CVE-2021-46093 [CRITICAL] CWE-276 CVE-2021-46093: eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.
eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.
nvd
CVE-2022-24219P3CRITICALCVSS 9.8v1.02022-02-01
CVE-2022-24219 [CRITICAL] CWE-89 CVE-2022-24219: eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.
nvd
CVE-2022-24220P3CRITICALCVSS 9.8v1.02022-02-01
CVE-2022-24220 [CRITICAL] CWE-89 CVE-2022-24220: eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.
nvd
CVE-2022-24221P3CRITICALCVSS 9.8v1.02022-02-01
CVE-2022-24221 [CRITICAL] CWE-89 CVE-2022-24221: eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.
nvd
CVE-2022-24222P3CRITICALCVSS 9.8v1.02022-02-01
CVE-2022-24222 [CRITICAL] CWE-89 CVE-2022-24222: eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.
nvd
CVE-2022-30814P3CRITICALCVSS 9.8v1.012022-06-02
CVE-2022-30814 [CRITICAL] CWE-89 CVE-2022-30814: elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.
nvd
CVE-2022-30810P3CRITICALCVSS 9.8v1.012022-06-02
CVE-2022-30810 [CRITICAL] CWE-89 CVE-2022-30810: elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.
elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.
nvd
CVE-2018-12250P3HIGHCVSS 7.2v2.012019-07-03
CVE-2018-12250 [HIGH] CWE-89 CVE-2018-12250: An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vu
An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.php, the ?page= parameter is vulnerable to SQL injection.
nvd
CVE-2022-30804P4MEDIUMCVSS 6.5v1.012022-06-02
CVE-2022-30804 [MEDIUM] CWE-22 CVE-2022-30804: elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.
elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.
nvd
CVE-2022-40361P4MEDIUMCVSS 6.1v1.2.112024-01-11
CVE-2022-40361 [MEDIUM] CWE-79 CVE-2022-40361: Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code vi
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.
nvd