PHP - CVE CyberSecurity Database News (Page 105)

Feb 22, 2024 CSRF Exploit PHP

CVE-2024-26352 - Exploiting CSRF in flusity-CMS v2.33 via /core/tools/add_places.php

--- Introduction In early 2024, security researchers identified a critical Cross-Site Request Forgery (CSRF) vulnerability in flusity-CMS v2.33, a popular open-source content management system.

Feb 22, 2024 CSRF Exploit PHP

CVE-2024-26445 - Critical CSRF Vulnerability in flusity-CMS v2.33 – How Attackers Can Exploit /core/tools/delete_place.php

In February 2024, cybersecurity researchers discovered a serious Cross-Site Request Forgery (CSRF) vulnerability in flusity-CMS version 2.33. This weakness, tracked as CVE-2024-26445, allows attackers

Feb 22, 2024 XSS Exploit PHP

CVE-2024-25875 - Exploiting XSS in Enhavo CMS Header Module (v.13.1) – PoC & Remediation Guide

Overview: Recently, a Cross-Site Scripting (XSS) flaw—CVE-2024-25875—was discovered in the Header module of Enhavo CMS version .13.1. This allows attackers to inject

Feb 22, 2024 XSS PHP

CVE-2024-25873 - Exploiting HTML Injection in Enhavo v.13.1 Blockquote Author Field

Enhavo is a modern open-source CMS written in PHP and Symfony, favored for its modular structure and support for custom content types. However, even polished

Feb 22, 2024 XSS Exploit PHP

CVE-2024-25874 - XSS Vulnerability in Enhavo CMS v.13.1’s Create Tag Field – Details & Exploit Guide

The recently discovered CVE-2024-25874 exposes a critical Cross-Site Scripting (XSS) vulnerability in Enhavo CMS v.13.1. Attackers can exploit this flaw in the New/