← Back

Sitemagic Cms

sitemagic_cms

Vendor: Sitemagic • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-53921
1Sitemagic
1Sitemagic Cms
Dec 31, 2025
Dec 17, 2025
8.7 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload...Show more
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands.Show less
CVE-2019-9042
1Sitemagic
1Sitemagic Cms
Nov 21, 2024
Feb 23, 2019
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects...Show more
An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External ModulesShow less