cvebase

Pligg CMS vulnerabilities

43 known vulnerabilities affecting pligg/pligg_cms.

Total CVEs: 43
CISA KEV: 0
Public exploits: 13
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 28, MEDIUM 12

Vulnerabilities

Page 1 of 3
CVE-2008-7090 | P3 | HIGH | CVSS 7.8 | PoC | ≤ 9.9, v9.5 | 2009-08-26
CVE-2008-7090 [HIGH] CWE-22: Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
nvd
CVE-2014-9096 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 2.0.1 | 2014-11-26
CVE-2014-9096 [HIGH] CWE-89: Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
nvd
CVE-2008-7091 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 9.9.0, v9.5, +1 more | 2009-08-26
CVE-2008-7091 [HIGH] CWE-89: Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (
nvd
CVE-2008-5739 | P3 | HIGH | CVSS 7.5 | PoC | v9.9.5 | 2008-12-26
CVE-2008-5739 [HIGH] CWE-89: SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
nvd
CVE-2011-5022 | P3 | HIGH | CVSS 7.5 | PoC | v1.1.2 | 2011-12-29
CVE-2011-5022 [HIGH] CWE-89: SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.
nvd
CVE-2008-6968 | P3 | HIGH | CVSS 7.5 | PoC | v9.9.5 | 2009-08-13
CVE-2008-6968 [HIGH] CWE-89: Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
nvd
CVE-2007-5579 | P3 | HIGH | CVSS 7.5 | PoC | v9.5 | 2007-10-18
CVE-2007-5579 [HIGH] CWE-255: login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
nvd
CVE-2008-3366 | P3 | HIGH | CVSS 7.5 | PoC | v9.9.0 | 2008-07-30
CVE-2008-3366 [HIGH]: SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.
nvd
CVE-2008-1774 | P3 | HIGH | CVSS 7.5 | PoC | v9.9.0 | 2008-04-14
CVE-2008-1774 [HIGH] CWE-89: SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2015-6655 | P4 | MEDIUM | CVSS 6.8 | PoC | v2.0.2 | 2015-08-31
CVE-2015-6655 [MEDIUM] CWE-352: Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
nvd
CVE-2023-37677 | P3 | CRITICAL | CVSS 9.8 | v2.0.2 | 2023-07-25
CVE-2023-37677 [CRITICAL] CWE-434: Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.
nvd
CVE-2022-34955 | P3 | CRITICAL | CVSS 9.8 | v2.0.2 | 2022-08-02
CVE-2022-34955 [CRITICAL] CWE-89: Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.
nvd
CVE-2022-34956 | P3 | CRITICAL | CVSS 9.8 | v2.0.2 | 2022-08-02
CVE-2022-34956 [CRITICAL] CWE-89: Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.
nvd
CVE-2012-2937 | P3 | HIGH | CVSS 7.5 | ≤ 1.2.1, v1.0.0, +14 more | 2012-05-27
CVE-2012-2937 [HIGH] CWE-89: Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple
nvd
CVE-2012-2436 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 1.2.1, v1.0.0, +14 more | 2012-05-27
CVE-2012-2436 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high
nvd
CVE-2011-5023 | P4 | MEDIUM | CVSS 4.3 | PoC | v1.1.4 | 2011-12-29
CVE-2011-5023 [MEDIUM]: Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.
nvd
CVE-2010-2577 | P3 | HIGH | CVSS 7.5 | ≤ 1.1.0, v1.0.0, +4 more | 2010-08-16
CVE-2010-2577 [HIGH] CWE-89: Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php.
nvd
CVE-2010-3013 | P3 | HIGH | CVSS 7.5 | ≤ 1.1.0, v1.0.0, +4 more | 2010-08-16
CVE-2010-3013 [HIGH]: SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577.
nvd
CVE-2008-7089 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 9.9.0, v9.5, +1 more | 2009-08-26
CVE-2008-7089 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
nvd
CVE-2024-42604 | P4 | HIGH | CVSS 8.8 | v2.0.2 | 2024-08-20
CVE-2024-42604 [HIGH] CWE-352: Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3
nvd