Search Results | AttackerKB

Show filters

Topics 41 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

41 Total Results

Displaying 11-20 of 41

Attacker Value

Unknown

CVE-2024-42605

Disclosure Date: August 20, 2024 (last updated August 22, 2024)

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2024-42604

Disclosure Date: August 20, 2024 (last updated August 22, 2024)

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2024-42603

Disclosure Date: August 20, 2024 (last updated August 22, 2024)

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2024-42608

Disclosure Date: August 20, 2024 (last updated August 22, 2024)

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2023-37677

Disclosure Date: July 25, 2023 (last updated October 08, 2023)

Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-34956

Disclosure Date: August 02, 2022 (last updated February 24, 2025)

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-34955

Disclosure Date: August 02, 2022 (last updated February 24, 2025)

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2015-6655

Disclosure Date: August 31, 2015 (last updated October 05, 2023)

Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.

0

Attacker Value

Unknown

CVE-2014-9096

Disclosure Date: November 26, 2014 (last updated October 05, 2023)

Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.

0

Attacker Value

Unknown

CVE-2012-2435

Disclosure Date: May 27, 2012 (last updated October 04, 2023)

Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.

0