Elefantcms » Elefantcms : Security Vulnerabilities, CVEs, CVSS score >= 7
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
Max CVSS
8.8
EPSS Score
0.12%
Published
2018-09-03
Updated
2018-10-25
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
Max CVSS
9.8
EPSS Score
0.19%
Published
2018-08-21
Updated
2018-10-19
2 vulnerabilities found