Studio Fabryka DobryCMS vulnerabilities
4 known vulnerabilities affecting studio_fabryka/dobrycms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 1
Vulnerabilities
CVE-2025-14532 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | ≥ 1.0, ≤ 1.*; ≥ 2.0, ≤ 2.*; +1 more | 2026-03-02
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution.
This issue was fixed in versions above 5.0.
nvd
CVE-2025-12462 | P2 | CRITICAL | CVSS 9.3 | CWE-89 | fixed in 8.0 | 2026-03-02
A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into the URL path in multiple parameters, resulting in Blind SQL Injection.
This issue was fixed in versions above 8.0.
nvd
CVE-2025-8536 | P3 | CRITICAL | CVSS 9.3 | CWE-89 | fixed in 3.0 | 2025-10-24
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by the user to the language functionality allows for SQL Injection attacks.
This issue affects older branches of this software.
nvd
CVE-2025-4379 | P4 | MEDIUM | CVSS 5.1 | CWE-79 | ≤ 2.* | 2025-05-23
DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the szukaj parameter allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened.
A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the ver
nvd