Evo Evolution Cms vulnerabilities
4 known vulnerabilities affecting evo/evolution_cms.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-47939P2HIGHCVSS 8.8v3.1.62026-05-10
CVE-2021-47939 [HIGH] CWE-94 CVE-2021-47939: Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users w
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbit
nvd
CVE-2023-43341P4MEDIUMCVSS 6.1v3.2.32023-10-19
CVE-2023-43341 [MEDIUM] CWE-79 CVE-2023-43341: Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter.
nvd
CVE-2020-23238P4MEDIUMCVSS 5.4v2.0.22021-07-26
CVE-2020-23238 [MEDIUM] CWE-79 CVE-2020-23238: Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
nvd
CVE-2023-43340P4MEDIUMCVSS 5.2v3.2.32023-10-19
CVE-2023-43340 [MEDIUM] CWE-79 CVE-2023-43340: Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arb
Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters
nvd