PyroCMS vulnerabilities
6 known vulnerabilities affecting pyrocms/pyrocms.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2023-29689 | P2 | CRITICAL | CVSS 9.8 | PoC | v3.9 | 2023-08-04
PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.
ghsa, nvd, osv
CVE-2022-37721 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | v3.9 | 2022-11-25
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation.
ghsa, nvd, osv
CVE-2020-25263 | P4 | HIGH | CVSS 7.1 | CWE-352 | v3.7 | 2020-10-08
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.
ghsa, nvd, osv
CVE-2024-58297 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v3.0.1 | 2025-12-11
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.
nvd
CVE-2022-35118 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 3.9 | 2022-08-01
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
nvd
CVE-2020-25262 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | v3.7 | 2020-10-08
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.
ghsa, nvd, osv