Pragyan Cms Project Pragyan Cms vulnerabilities
5 known vulnerabilities affecting pragyan_cms_project/pragyan_cms.
Total CVEs
5
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2015-1471P3HIGHCVSS 7.5PoCv3.02015-02-12
CVE-2015-1471 [HIGH] CWE-89 CVE-2015-1471: SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to exe
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
nvd
CVE-2009-1480P3HIGHCVSS 7.5PoCv2.6.42009-04-29
CVE-2009-1480 [HIGH] CWE-89 CVE-2009-1480: SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitr
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
nvd
CVE-2012-6500P3MEDIUMCVSS 5.0PoC≤ 3.0v2.5.4+8 more2013-01-12
CVE-2012-6500 [MEDIUM] CWE-22 CVE-2012-6500: Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote a
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
nvd
CVE-2017-14601P4MEDIUMCVSS 4.9v3.02017-09-19
CVE-2017-14601 [MEDIUM] CWE-89 CVE-2017-14601: Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forw
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
nvd
CVE-2017-14600P4MEDIUMCVSS 4.9v3.02017-09-19
CVE-2017-14600 [MEDIUM] CWE-89 CVE-2017-14600: Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_b
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
nvd