cbcvebase.

Gdidees Cms vulnerabilities

5 known vulnerabilities affecting gdidees/gdidees_cms.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-27179P2HIGHCVSS 7.5PoC≤ 3.9.12023-04-11
CVE-2023-27179 [HIGH] CWE-434 CVE-2023-27179: GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.
nvd
CVE-2023-27178P3CRITICALCVSS 9.8v3.9.12023-04-10
CVE-2023-27178 [CRITICAL] CWE-434 CVE-2023-27178: An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.
nvd
CVE-2024-46101P3CRITICALCVSS 9.8≤ 3.9.12024-09-20
CVE-2024-46101 [CRITICAL] CWE-434 CVE-2024-46101: GDidees CMS <= v3.9.1 has a file upload vulnerability. GDidees CMS <= v3.9.1 has a file upload vulnerability.
nvd
CVE-2023-27180P3HIGHCVSS 7.5≤ 3.9.12023-04-07
CVE-2023-27180 [HIGH] CWE-552 CVE-2023-27180: GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup fe GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.
nvd
CVE-2023-44758P4MEDIUMCVSS 5.4v3.9.22023-10-06
CVE-2023-44758 [MEDIUM] CWE-79 CVE-2023-44758: GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to e GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.
nvd
Gdidees Cms vulnerabilities | cvebase