
Sitemagic

sitemagic

5 CVEs • 2 products

Products (2)

Sitemagic
sitemagic
Sitemagic Cms
sitemagic_cms

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Sitemagic
Products (1): Sitemagic Cms
Updated: Dec 31, 2025
Published: Dec 17, 2025
CVSS: 8.7 HIGH (v4), 9.8 CRITICAL (v3), N/A (v2)
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands.
Vendors (1): Sitemagic
Products (1): Sitemagic
Updated: Nov 21, 2024
Published: Oct 23, 2019
CVSS: N/A (v4), 8.8 HIGH (v3), 6.8 MEDIUM (v2)
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) issue as it doesn't implement any method to validate incoming requests, allowing the execution of critical functionalities via spoofed requests. This behavior could be abused by a remote unauthenticated attacker to trick Sitemagic users into performing unwarranted actions.
Vendors (1): Sitemagic
Products (1): Sitemagic
Updated: Nov 21, 2024
Published: Oct 23, 2019
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulnerability, as it fails to validate user input. The affected components (index.php, upgrade.php) allow for JavaScript injection within both GET or POST requests, via a crafted URL or via the UpgradeMode POST parameter.
Vendors (1): Sitemagic
Products (1): Sitemagic
Updated: Nov 21, 2024
Published: Mar 27, 2019
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter.
Vendors (1): Sitemagic
Products (1): Sitemagic Cms
Updated: Nov 21, 2024
Published: Feb 23, 2019
CVSS: N/A (v4), 7.2 HIGH (v3), 6.5 MEDIUM (v2)
An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules.