Ferretcms Project » Ferretcms : Security Vulnerabilities, CVEs,

CVE-2015-1374

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.
Max CVSS
6.8
EPSS Score
0.09%
Published
2015-01-27
Updated
2015-01-28

CVE-2015-1373

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action.
Max CVSS
4.3
EPSS Score
1.57%
Published
2015-01-27
Updated
2015-01-28

CVE-2015-1372

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
Max CVSS
7.5
EPSS Score
0.32%
Published
2015-01-27
Updated
2015-01-28

CVE-2015-1371

Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/.
Max CVSS
7.5
EPSS Score
0.39%
Published
2015-01-27
Updated
2015-01-28
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close