Product
intelliants subrion
27 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-25400 (all versions): Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because
CVE-2023-46947 (all versions): Subrion 4.2.1 has a remote command execution vulnerability in the backend.
CVE-2023-43884 (all versions): A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to exec
CVE-2023-43830 (all versions): A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitr
CVE-2023-43828 (all versions): A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts
CVE-2021-41948 (<= 4.2.1): A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subject
CVE-2020-22330 (all versions): Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page.
CVE-2020-18155 (all versions): SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection.
CVE-2020-23761 (<= 4.2.1): Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script v
CVE-2019-7356 (all versions): Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
CVE-2019-20390 (all versions): A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove file
CVE-2019-20389 (all versions): An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbi
CVE-2020-12469 (<= 4.2.1): admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in th
CVE-2020-12468 (all versions): Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/downloa
CVE-2020-12467 (all versions): Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
CVE-2018-21037 (<= 4.1.5): Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI
CVE-2019-17225 (all versions): Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
CVE-2018-11317 (< 4.1.4): Subrion CMS before 4.1.4 has XSS.
CVE-2018-15563 (all versions): _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter.
CVE-2018-16327 (all versions): There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.
CVE-2018-14840 (all versions): uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm
CVE-2018-14836 (all versions): Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access
CVE-2018-14835 (all versions): Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple
CVE-2017-15063 (<= 4.1.5): There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is f
CVE-2017-10795 (all versions): Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via t
CVE-2017-5543 (all versions): includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafte
CVE-2014-9120 (<= 3.2.2): Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTM