Thedigitalcraft Atomcms vulnerabilities
11 known vulnerabilities affecting thedigitalcraft/atomcms.
Total CVEs: 11
CISA KEV: 0
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 8, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2022-25487 | P1 | CRITICAL | CVSS 9.8 | CWE-434 | Exploited | PoC | v2.0 | 2022-03-15
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.
nvd
CVE-2022-25488 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | v2.0 | 2022-03-15
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
nvd
CVE-2022-24223 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v2.0 | 2022-02-01
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
nvd
CVE-2022-28033 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v2.0 | 2022-04-12
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php
nvd
CVE-2022-28032 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v2.0 | 2022-04-12
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php
nvd
CVE-2014-4852 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v2.0 | 2014-07-10
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2022-25489 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | PoC | v2.0 | 2022-03-15
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php.
nvd
CVE-2022-28034 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v2.0 | 2022-04-12
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php
nvd
CVE-2023-53975 | P3 | HIGH | CVSS 7.5 | CWE-89 | v2.0 | 2025-12-22
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.
nvd
CVE-2022-28035 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v2.0 | 2022-04-12
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php
nvd
CVE-2022-28036 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v2.0 | 2022-04-12
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php
nvd