Intelliants : Security Vulnerabilities, CVEs,
CVE-2018-19422
Public exploit
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Max CVSS
7.2
EPSS Score
83.51%
Published
2018-11-21
Updated
2023-08-04
CVE-2018-14840
Public exploit
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
Max CVSS
6.1
EPSS Score
0.18%
Published
2018-08-02
Updated
2018-11-08
2 vulnerabilities found