MidnightBSD

Advisories for motocms

CVE-2023-36210

MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.

Products Affected

Vendor Product Version
motocms motocms 3.4.3
CVE-2023-36213

SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.

Products Affected

Vendor Product Version
motocms motocms 3.4.3