Subrion
This hub aggregates every CVE we track for Subrion, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 25
- Critical: 3
- High: 5
- In CISA KEV: 0
Severity distribution
MEDIUM 17, HIGH 5, CRITICAL 3
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06; all values shown are 0]
Latest CVEs
The 15 most recently published vulnerabilities affecting Subrion.
- CVE-2024-25400: Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a cla... (CVSS 9.8)
- CVE-2023-46947: Subrion 4.2.1 has a remote command execution vulnerability in the backend. (CVSS 8.8)
- CVE-2023-43884: A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected in... (CVSS 5.4)
- CVE-2023-43828: A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter. (CVSS 5.4)
- CVE-2023-43830: A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several... (CVSS 5.4)
- CVE-2021-41948: A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". (CVSS 5.4)
- CVE-2020-22330: Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. (CVSS 6.1)
- CVE-2020-18155: SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. (CVSS 9.8)
- CVE-2020-23761: Cross Site Scripting (XSS) vulnerability in Subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the "payment gateway" column on transactions tab. (CVSS 6.1)
- CVE-2019-7356: Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. (CVSS 5.4)
- CVE-2019-20390: A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authen... (CVSS 8.1)
- CVE-2019-20389: An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within m... (CVSS 6.1)
- CVE-2020-12467: Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. (CVSS 6.5)
- CVE-2020-12468: Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. (CVSS 7.8)
- CVE-2020-12469: admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. (CVSS 6.5)
Product normalization is registry-driven with AI assist and human review.