Product:

Subrion

(Intelliants)
Repositories https://github.com/intelliants/subrion
#Vulnerabilities 25
Date Id Summary Products Score Patch Annotated
2024-02-27 CVE-2024-25400 Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file. Subrion N/A
2021-04-09 CVE-2020-23761 Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. Subrion 6.1
2021-07-14 CVE-2020-18155 SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. Subrion 9.8
2021-08-06 CVE-2020-22330 Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. Subrion 6.1
2022-04-29 CVE-2021-41948 A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". Subrion 5.4