Home/Product/instantcms
Product

instantcms

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-28281
< 2.18.1
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which a
7.1HIGH
 CVE-2025-59055
<= 2.17.3
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in Instan
4.7MEDIUM
 CVE-2013-10051
<= 1.6.0
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the sear
9.8CRITICAL
 CVE-2024-50348
< 2.16.3
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input
5.4MEDIUM
 CVE-2024-31213
< 2.16.2
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2
3.5LOW
 CVE-2024-31212
all versions
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which
6.7MEDIUM
 CVE-2023-4928
< 2.16.1
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.
7.2HIGH
 CVE-2023-4879
< 2.16.1
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.
4.8MEDIUM
 CVE-2023-4878
< 2.16.1
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
5.4MEDIUM
 CVE-2023-4704
< 2.16.1
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
4.9MEDIUM
 CVE-2023-4655
< 2.16.1
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.
6.1MEDIUM
 CVE-2023-4654
< 2.16.1
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.
3.5LOW
 CVE-2023-4653
< 2.16.1
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
4.8MEDIUM
 CVE-2023-4652
< 2.16.1
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
5.4MEDIUM
 CVE-2023-4651
< 2.16.1
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.
5.4MEDIUM
 CVE-2023-4650
< 2.16.1
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
4.7MEDIUM
 CVE-2023-4649
< 2.16.1
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.
5.4MEDIUM
 CVE-2023-4381
< 2.16.1
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
4.3MEDIUM
 CVE-2023-4189
< 2.16.1
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
4.8MEDIUM
 CVE-2023-4188
< 2.16.1
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
9.1CRITICAL
 CVE-2023-4187
< 2.16.1
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
4.8MEDIUM
 CVE-2018-14382
all versions
InstantCMS 2.10.1 has /redirect?url= XSS.
6.1MEDIUM
 CVE-2013-6839
<= 1.10.3
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh