Nucleus Cms

nucleus_cms

Vendor: Nucleuscms • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-37770 1Nucleuscms 1Nucleus Cms Jun 17, 2026 Jun 30, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType appl...Show more Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.Show less
CVE-2018-16636 1Nucleuscms 1Nucleus Cms Nov 21, 2024 Dec 10, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
CVE-2015-5454 1Nucleuscms 1Nucleus Cms May 6, 2026 Jul 8, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.
CVE-2011-3760 1Nucleuscms 1Nucleus Cms Apr 29, 2026 Sep 24, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain...Show more Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files.Show less